Cannot update Identity Roles in Rocky
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Dashboard (Horizon) | | Undecided | Corey Bryant |
Ubuntu Cloud Archive | | High | Unassigned |
Rocky | | High | Unassigned |
horizon (Ubuntu) | | High | Unassigned |
Cosmic | | High | Unassigned |
Bug Description
In Rocky, there's no way to create, edit, or delete Identity Roles.
Please see attached screenshots comparing Queens and Rocky.
Corey Bryant (corey.bryant) wrote : | #1 |
Corey Bryant (corey.bryant) wrote : | #2 |
Rocky screenshot
Changed in horizon (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
importance: Medium → High
Ivan Kolodyazhny (e0ne) wrote : | #3 |
Corey, could you please confirm that it's reproducible on upstream horizon?
Changed in horizon:
status: New → Incomplete
assignee: nobody → Corey Bryant (corey.bryant)
Akihiro Motoki (amotoki) wrote : | #4 |
I cannot reproduce this either.
Note that I only saw this once, but at that time I forgot to run collectstatic and compress, i.e., it was my mistake.
Corey Bryant (corey.bryant) wrote : | #5 |
This is possibly explained by the following comments from LP:1775227:
https:/
https:/
"I agree that the current horizon does not support role create/delete operations by domain admin."
Corey Bryant (corey.bryant) wrote : | #6 |
I did a little more digging and I'm still not sure what the problem is. I can create/delete users, groups, projects, domains, but not roles as there are no buttons.
For OPENSTACK_
OPENSTACK_
'name': 'native',
'can_
'can_
'can_
'can_
'can_
}
The keystone v3 policy looks fine and I'm using a cloud admin (not a domain admin, so this is not the same as bug 1775227):
"admin_
"cloud_admin": "rule:admin_
...
"identity:
"identity:
"identity:
"identity:
"identity:
# openstack commands to compare vs cloud_admin policy - truncated for launchpad formatting
$ os domain list
+------
| ID | Name |
+------
| 7b67d5a059154b4
+------
$ os user show admin
+------
| Field | Value |
+------
| domain_id | 7b67d5a059154b4
| email | juju@localhost |
| enabled | True |
| id | 70ffd1578204492
| name | admin |
| options | {} |
| password_expires_at | None |
+------
$ os role list
+------
| ID | Name |
+------
| 8a01a3463f584c3
+------
$ os role assignment list -f json
...
{
"Role": "8a01a3463f584c
"User": "70ffd157820449
"Group": "",
"Project": "",
"Domain": "7b67d5a059154b
"System": "",
"Inherited": false
},
...
Static assets are collected and compressed and apache2/memcached restarted.
I've been testing with the Ubuntu package so I'll have to test this with upstream and see what is different.
Albert Damen (albrt) wrote : | #7 |
Has OPENSTACK_
After an upgrade from queens I did not have the "create role" option either. Adding OPENSTACK_
Both options are properly set in /etc/openstack-
Queens screenshot