Cloud Admin user cannot view admin/users/ or admin/projects/ when in alternate domain context
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard Charm |
New
|
Undecided
|
Unassigned |
Bug Description
19.10 charms
bionic-stein
When the cloud admin user logs into horizon (admin_domain/admin juju-created user), the user can view admin_domain users and projects, but if you visit admin/domains/ and enter domain context for something like "default" or "service_domain", etc, the user cannot see any users or projects within the domain via Horizon.
CLI works fine to run 'openstack project list --domain service_domain' or 'openstack user list --domain service_domain'.
I enabled keystone debug logging and all RBAC calls are returning 'Authorization granted', so I believe this is a bug in openstack_
Special note, the environment where this is being witnessed has upgraded from xenial-queens, through bionic-queens, bionic-rocky, and is now running bionic-stein.