RBAC - When RBAC is enabled, new admin token gets fetched and been used as owner rather than using the actual user token
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R3.0 |
Fix Committed
|
High
|
Deepinder Setia | |||
R3.1 |
Fix Committed
|
High
|
Deepinder Setia | |||
Trunk |
Fix Committed
|
High
|
Deepinder Setia |
Bug Description
When rbac is enabled, new admin token gets fetched and been used as owner rather than using the actual user token, as a result the perms2 shows owner as admin rather than tenant.
root@a5d02e33:~# contrail-version
Package Version Build-ID | Repo | Package Name
-------
contrail-analytics 3.1.0.0-2730 2730
contrail-config 3.1.0.0-2730 2730
contrail-
contrail-control 3.1.0.0-2730 2730
contrail-dns 3.1.0.0-2730 2730
contrail-docs 3.1.0.0-2730 2730
contrail-f5 3.1.0.0-2730 2730
contrail-
contrail-heat 3.1.0.0-2730 2730
contrail-
contrail-lib 3.1.0.0-2730 2730
contrail-nodemgr 3.1.0.0-2730 2730
contrail-
contrail-openstack 3.1.0.0-2730 2730
contrail-
contrail-
contrail-
contrail-
contrail-
contrail-
contrail-setup 3.1.0.0-2730 2730
contrail-utils 3.1.0.0-2730 2730
contrail-
contrail-web-core 3.1.0.0-2730 2730
ifmap-python-client 0.1-2 2730
ifmap-server 0.3.2-1contrail2 2730
neutron-
nova-api 1:2015.
nova-common 1:2015.
nova-conductor 1:2015.
nova-console 1:2015.
nova-consoleauth 1:2015.
nova-novncproxy 1:2015.
nova-objectstore 1:2015.
nova-scheduler 1:2015.
python-contrail 3.1.0.0-2730 2730
python-
python-nova 1:2015.
root@a5d02e33:~#
On denugging it is seen that this issue is seen when multi_tenancy is not set "/etc/contrail/
information type: | Proprietary → Public |
summary: |
- When rbac is enabled, new admin token gets fetched and been used as - owner rather than using the actual user token + RBAC - When RBAC is enabled, new admin token gets fetched and been used + as owner rather than using the actual user token |
tags: | added: config |
Changed in juniperopenstack: | |
importance: | Undecided → High |
Review in progress for https:/ /review. opencontrail. org/22792
Submitter: Deepinder Setia (<email address hidden>)