OpenStack Identity (keystone)

Lack rights for regular user: unability to create ec2 credentials

Bug #1675377 reported by Andriy Kurilin on 2017-03-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	David Stanek	OpenStack Identity (keystone) pike-1 "pike-1"

Bug Description

As a regular OpenStack user, I was able to create ec2 credentials without "admin" rights. It was possible before merging one of the recent changes (Presumably, this one - [0]). Now, I'm getting an error "You are not authorized to perform the requested action: identity:ec2_create_credential."[1]

[0] - https://github.com/openstack/keystone/commit/e2949253176b6bf7f9e3ef1ac2793e4abd6382ca
[1] - http://logs.openstack.org/75/429175/16/check/gate-rally-dsvm-rally-ubuntu-xenial/16674c1/rally-plot/results.html.gz#/KeystoneBasic.create_and_delete_ec2credential/failures

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-23: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/449161

Changed in keystone:
assignee:	nobody → David Stanek (dstanek)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-23: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/449161
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=72216757991a2120bb81e0003496eee908373b0c
Submitter: Jenkins
Branch: master

commit 72216757991a2120bb81e0003496eee908373b0c
Author: David Stanek <email address hidden>
Date: Thu Mar 23 13:50:40 2017 +0000

Set the correct in-code policy for ec2 operations

In I8bd0fa342cdfee00acd3c7a33f7232fe0a87e23f we moved some of the policy
defaults into code. Some of the policy were accidentally changed.

Change-Id: Ib744317025d928c7397ab00dc706172592a9abaf
Closes-Bug: #1675377

Changed in keystone:
status:	In Progress → Fix Released

Lance Bragstad (lbragstad) on 2017-03-23

Changed in keystone:
milestone:	none → pike-1
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-12: Fix included in openstack/keystone 12.0.0.0b1

This issue was fixed in the openstack/keystone 12.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.