Skyline system scope support
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
skyline console |
Confirmed
|
Wishlist
|
Boxiang Zhu |
Bug Description
Hi All,
I have started testing Skyline Console and API recently with enabled domains in keystone and noticed a problem which is similar to https:/
2023-03-28 10:07:08.444 23 ERROR keystone.
Steps to reproduce:
- Default configuration of Openstack with enabled Skyline Console and Skyline API
- created skyline user with system scope admin role and admin role in service project
- enforce_scope set to true in keystone.conf
Expected Result:
As for keystone documentation, list_domains action needs role:reader and system_scope:all, which should be satisfied by adding admin role with system scope to skyline user
| Role | User | Group | Project | Domain | System | Inherited |
| admin | skyline@Default | | | | all | False |
| admin | skyline@Default | | service@Default | | | False |
Domains should be visible in skyline login page in a dropdown menu.
Actual result:
Domains are not listed in dropdown menu. Following events are visible in keystone logs:
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
2023-03-28 10:07:08.444 23 ERROR keystone.
Environment:
- Fresh install of Openstack master from kolla ansible
- skyline-apiserver 1.1.0.dev19
- docker image based on ubuntu 22.04
skyline_
default:
access_
access_
cors_
database_url: mysql:/
debug: True
log_dir: /var/log/
secret_key: *redacted*
session_name: session
openstack:
base_domains:
- heat_user_domain
default_region: LAB-01
extension_
floating-
qos: neutron_qos
vpnaas: neutron_vpn
keystone_url: http://
nginx_prefix: /api/openstack
reclaim_
service_mapping:
compute: nova
identity: keystone
image: glance
key-manager: barbican
network: neutron
orchestration: heat
placement: placement
volumev3: cinder
system_
- admin
system_project: service
system_
system_
- system_reader
system_
system_user_name: skyline
system_
When should we expect scopes to be implemented in skyline?
Thanks for your tests for skyline. We(skyline team) will discuess this and try how to support system scope in skyline.