Ceilometer user in service tenant cannot access EventsController::get_all without admin role.
Bug #1448599 reported by
Shunli Zhou
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ceilometer |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Without admin role, ceilometer user in service tenant cannot access EventsControlle
This doesn't make sense.
For an openstack service to access other services, such as nova to access ceilometer. It's better to use the ceilometer user without admin role to avoid some pertential security problems, only the service role is enough.
Only ceilometer user in service tenant with admin role can access EventsControlle
Changed in ceilometer: | |
milestone: | none → liberty-3 |
status: | Fix Committed → Fix Released |
Changed in ceilometer: | |
milestone: | liberty-3 → 5.0.0 |
To post a comment you must log in.
Services interact need assign ceilometer user admin role in service tenant, such as this patch in cookbook https:/ /review. openstack. org/#/c/ 176663/ to workaround this problem.