OpenStack Dashboard (Horizon)

Using the latest keystone V3 policy throws a TypeError

Bug #1564851 reported by Rudolf Vriend
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
New
Undecided
Brad Pokorny

Bug Description

Running horizon 9.0.0.0rc2 with the corresponding keystone V3 policy version throws a TypeError while evaluating the policy rule "cloud_admin": "role:admin and (token.is_admin_project:True or domain_id:default)": 'Token' object has no attribute '__getitem__'

It seems that keystoneauth1, django_openstack_auth and horizon do not fully support access to the required set of keystone attributes in the auth context: https://github.com/openstack/keystone/blob/master/keystone/common/authorization.py#L32-L51.

Tags: keystone
Rudolf Vriend (rudolf-vriend-deactivatedaccount)
tags: added: keystone
Brad Pokorny (bpokorny)
Changed in horizon:
assignee: nobody → Brad Pokorny (bpokorny)
Revision history for this message
Brad Pokorny (bpokorny) wrote :

This is a known issue in oslo.policy:

https://bugs.launchpad.net/oslo.policy/+bug/1547684

Revision history for this message
Brad Pokorny (bpokorny) wrote :

As a workaround, I suggest basing your policy in Horizon off of the v3 sample policy from stable/liberty:

https://github.com/openstack/keystone/blob/stable/liberty/etc/policy.v3cloudsample.json

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.