User assigned admin role gets 403 when querying various object types.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Unassigned | ||
OpenStack Keystone Charm |
Expired
|
Undecided
|
Unassigned | ||
keystone (Juju Charms Collection) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Our users, having been assigned admin role on domain and projects in that domain we're unable to query certain things via the openstack CLI. Ex:
$ openstack user list
You are not authorized to perform the requested action: identity:
$ openstack group list
You are not authorized to perform the requested action: identity:
$ openstack domain list
You are not authorized to perform the requested action: identity:
$ openstack role assignment list
You are not authorized to perform the requested action: identity:
I can view projects however... which is interesting. Our users are granted admin on the domain and projects via group membership.
We're running keystone 17.0.1 in Ussuri.
description: | updated |
Changed in keystone: | |
status: | Incomplete → Invalid |
Re-assigning to the keystone identity package.