Comment 4 for bug 1963685
Revision history for this message
| Felipe Reyes (freyes) wrote Re: [Bug 1963685] Re: You are not authorized to perform the requested action: identity:list_role_assignments. | #4 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
On Mon, 2022-03-07 at 10:26 +0000, Alex Kavanagh wrote:
> This sounds like the policy change issue that came in in wallaby:
> https:/
> particularly the bit:
>
> "Legacy Octavia Advanced RBAC policies will continue to function as
> before as long as the [oslo_policy] enforce_scope = False and
> enforce_
> current
> oslo.policy default). However, we highly recommend you update your
> user
> roles to follow the new keystone default roles and start using scoped
> tokens as appropriate. See the Octavia Policies administration guide
> for
> more information."
I came through this, but I moved on from due to the bit "this is the
current oslo.policy default", I'm deploying a focal-victoria cloud to
check if the test passes, if it does, I will definitively circle back
to this and explicitly set these keys to false in octavia.conf.