Assume user A has admin role for project X and member role for project Y.
When I opened Admin -> Network (for example) with Project X and then switched the project to project Y.
I was kicked out to the login form with a message "Unauthorized. Please try logging in again."
I tried to log-in with user A (of course I used a correct password), but I got the same message again "Unauthorized. Please try logging in again."
According to the horizon log, I got the unauthorized exception from tenant_list().
Unauthorized:
Traceback (most recent call last):
File "/opt/stack/horizon/openstack_dashboard/dashboards/admin/networks/views.py", line 56, in _get_tenant_list
tenants, has_more = api.keystone.tenant_list(self.request)
File "/opt/stack/horizon/openstack_dashboard/api/keystone.py", line 352, in tenant_list
manager = VERSIONS.get_project_manager(request, admin=admin)
File "/opt/stack/horizon/openstack_dashboard/api/keystone.py", line 61, in get_project_manager
manager = keystoneclient(*args, **kwargs).projects
File "/opt/stack/horizon/openstack_dashboard/api/keystone.py", line 170, in keystoneclient
raise exceptions.NotAuthorized
NotAuthorized
I am afraid that the current behavior of horizon potentially has a problem that a user cannot login forever without changing the URL explicitly if the user has both admin for one project and member for another project.
I also see more tricky behavior.
Assume user A has admin role for project X and member role for project Y.
When I opened Admin -> Network (for example) with Project X and then switched the project to project Y.
I was kicked out to the login form with a message "Unauthorized. Please try logging in again."
I tried to log-in with user A (of course I used a correct password), but I got the same message again "Unauthorized. Please try logging in again."
According to the horizon log, I got the unauthorized exception from tenant_list().
Unauthorized: horizon/ openstack_ dashboard/ dashboards/ admin/networks/ views.py" , line 56, in _get_tenant_list tenant_ list(self. request) horizon/ openstack_ dashboard/ api/keystone. py", line 352, in tenant_list get_project_ manager( request, admin=admin) horizon/ openstack_ dashboard/ api/keystone. py", line 61, in get_project_manager *args, **kwargs).projects horizon/ openstack_ dashboard/ api/keystone. py", line 170, in keystoneclient NotAuthorized
Traceback (most recent call last):
File "/opt/stack/
tenants, has_more = api.keystone.
File "/opt/stack/
manager = VERSIONS.
File "/opt/stack/
manager = keystoneclient(
File "/opt/stack/
raise exceptions.
NotAuthorized
The URL is http:// sheep6: 8000/auth/ login/? next=/admin/ networks/ and I think the dashboard tried to open the admin dashboard again.
I am afraid that the current behavior of horizon potentially has a problem that a user cannot login forever without changing the URL explicitly if the user has both admin for one project and member for another project.