tempest

Tenant isolation admin accounts only get a role on the project

Bug #1494291 reported by Andrea Frittoli
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
tempest
Fix Released
Medium
Andrea Frittoli

Bug Description

Tenant isolation can generate admin accounts on the fly, however those accounts get the admin role assigned on the project only, and not on the domain.

This means that these isolated admin accounts are not able to obtain a domain scoped token, which is needed when using a v3 style policy file in keystone (https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json).

Andrea Frittoli (andrea-frittoli)
Changed in tempest:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tempest (master)

Fix proposed to branch: master
Review: https://review.openstack.org/226297

Changed in tempest:
assignee: nobody → Andrea Frittoli (andrea-frittoli)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tempest (master)

Reviewed: https://review.openstack.org/226297
Committed: https://git.openstack.org/cgit/openstack/tempest/commit/?id=4bee2e765a77f3f3012e18a1f2db2f076fa00c39
Submitter: Jenkins
Branch: master

commit 4bee2e765a77f3f3012e18a1f2db2f076fa00c39
Author: Andrea Frittoli (andreaf) <email address hidden>
Date: Tue Sep 22 13:06:18 2015 +0100

    Add admin role on domain for v3

    In case of identity v3, isolated admin users get the admin role
    assigned on the project, but not on the domain.
    If policy.v3cloudsample.json is in use, the admin role is required
    on the domain for several admin actions to be performed.
    Extending the CredsClient to support adding role on domain.

    This patch changes the creds client for v3, and as there was
    no unit test coverage for dynamic creds provider using creds
    client on v3, adding the tests.

    Change-Id: Iaea458fc8a24f6831476c9ec37cb11d253fcd0ec
    Closes-bug: #1494291

Changed in tempest:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.