Missing configuration for application access rules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla-ansible |
Fix Released
|
Medium
|
Will Szumski | ||
Wallaby |
Fix Released
|
Medium
|
Maksim Malchuk | ||
Xena |
Fix Released
|
Medium
|
Maksim Malchuk | ||
Yoga |
Fix Released
|
Medium
|
Maksim Malchuk |
Bug Description
Release: Wallaby, but I think this affects master.
Steps to reproduce:
- Create an application cred with the following rules
[
{
"path": "/v2.1/**",
"method": "GET",
"service": "compute"
},
{
"path": "/**",
"method": "GET",
"service": "network"
}
]
- Try and use the application credential to do an openstack server list
- Observe that the request is refused with status 401
Looking in the logs, I saw:
Cannot validate request with restricted access rules. Set service_type in [keystone_
I believe we need to add the equivalent of:
[keystone_
service_type = compute
to every service, where this particular example is for nova.
Changed in kolla-ansible: | |
importance: | Undecided → Medium |
Changed in kolla-ansible: | |
assignee: | nobody → Will Szumski (willjs) |
Fix proposed to branch: master /review. opendev. org/c/openstack /kolla- ansible/ +/834035
Review: https:/