System Reader cannot read system scope resources
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | New | Undecided | Unassigned | |
Bug Description
I created a user with the project member role and assigned it the reader role with system_scope:all.
```
$ openstack role assignment list --names --system all --role reader
+------
| Role | User | Group | Project | Domain | System | Inherited |
+------
| reader | user1@Default | | | | all | False |
+------
```
But this user can only list resources in his project.
For example, listing all servers in the system failed with the following error.
```
$ openstack server list --all
Policy doesn't allow os_compute_
```
In the nova API log, I can see `system_scope: None` in the policy check.
```
Policy check for os_compute_
```
It also failed to get other resources such as services, endpoints and users, which require system scope permission.
It seems system scope is not working at all.