rbac: after deletion of global-config-acl, admin not able create it
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R3.0 |
Fix Committed
|
High
|
Deepinder Setia | |||
R3.1 |
Fix Committed
|
High
|
Deepinder Setia | |||
R3.2 |
Fix Committed
|
High
|
Deepinder Setia | |||
Trunk |
Fix Committed
|
High
|
Deepinder Setia |
Bug Description
We need to either block admin from deletion of global-config-acl or the creation of it should be allowed after deletion:
root@a5s7:
Rbac is enabled
Oper = read
Name = ['default-
UUID = None
API Server = 127.0.0.1:8082
Rules (3):
----------
1 fqname-to-id *:CRUD,
2 id-to-fqname *:CRUD,
3 documentation *:R,
root@a5s7:
Rbac is enabled
Oper = delete
Name = ['default-
UUID = None
API Server = 127.0.0.1:8082
Rules (3):
----------
1 fqname-to-id *:CRUD,
2 id-to-fqname *:CRUD,
3 documentation *:R,
Confirm (y/n): y
root@a5s7:
Permission Denied
Rbac not supported
root@a5s7:
OS_PASSWORD=
OS_AUTH_URL=http://
OS_USERNAME=admin
OS_TENANT_
OS_NO_CACHE=1
LESSCLOSE=
root@a5s7:
Permission Denied
Rbac not supported
Changed in juniperopenstack: | |
assignee: | nobody → Deepinder Setia (dsetia) |
summary: |
- rbac: after deletetion of global-config-acl, admin not able create it + rbac: after deletion of global-config-acl, admin not able create it |
information type: | Proprietary → Public |
Changed in juniperopenstack: | |
status: | New → In Progress |
Changed in juniperopenstack: | |
milestone: | none → r3.2.0.0-fcs |
Marking it as blocker, it is functionality blocker