Admin users cannot authenticate properly via admin_domain
Bug #1649106 reported by Greg Mason
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Keystone Charm | In Progress | Medium | Liam Young |
keystone (Juju Charms Collection) | Invalid | Medium | Liam Young |
Bug Description
When deployed as keystone v3, auth via the domain admin_domain isn't fully functional. When trying to run "openstack domain list" or "openstack user list" keystone responds with a 403:
$ openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-xxxxxxx)
Any admin users in the domain admin_domain should be able to list domains, users, and should be able to create users.
Performing similar operations via Horizon succeeds, however this is a poor workaround.
summary:
- admin user cannot authenticate properly via admin_domain
+ Admin users cannot authenticate properly via admin_domain
Changed in keystone (Juju Charms Collection):
status: Incomplete → New
tags: added: bootstack-is
tags: added: canonical-bootstack removed: bootstack-is
Changed in keystone (Juju Charms Collection):
status: New → Confirmed
Changed in keystone (Juju Charms Collection):
importance: Undecided → Medium
status: Confirmed → In Progress
tags: added: v3
Changed in charm-keystone:
assignee: nobody → Liam Young (gnuoy)
importance: Undecided → Medium
status: New → In Progress
Changed in keystone (Juju Charms Collection):
status: In Progress → Invalid
Are you creating a new admin user and trying to do a domain list? Or are you getting a domain scoped token from the 'admin' user in the admin domain as per https://wiki.ubuntu.com/OpenStack/OpenStackCharms/ReleaseNotes1604#Keystone_v3_API_support ?
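The two token scopes that the question above distinguishes, as an added example that is not part of the bug report or the charm's code: it builds the Keystone v3 `POST /v3/auth/tokens` request body for a domain-scoped or a project-scoped token, and classifies a token response by the scope it carries. The function names, the project name `admin` and the sample responses are constructed for illustration.

```python
import json

def auth_request(user, password, user_domain, *, domain=None, project=None,
                 project_domain=None):
    """Body for POST /v3/auth/tokens; pass exactly one of domain= or project=."""
    if (domain is None) == (project is None):
        raise ValueError("choose exactly one of domain= or project=")
    if domain is not None:
        scope = {"domain": {"name": domain}}
    else:
        # A project name is only unique within its owning domain.
        scope = {"project": {"name": project,
                             "domain": {"name": project_domain or user_domain}}}
    return {"auth": {
        "identity": {"methods": ["password"],
                     "password": {"user": {"name": user,
                                           "domain": {"name": user_domain},
                                           "password": password}}},
        "scope": scope}}

def token_scope(token_response):
    """Return (kind, name) for a v3 token body: domain, project or unscoped."""
    token = token_response["token"]
    if "domain" in token:
        return "domain", token["domain"]["name"]
    if "project" in token:
        return "project", token["project"]["name"]
    return "unscoped", None

# Constructed sample responses, trimmed to the fields inspected here.
SAMPLE_DOMAIN_TOKEN = {"token": {"user": {"name": "admin"},
                                 "domain": {"id": "<id>", "name": "admin_domain"}}}
SAMPLE_PROJECT_TOKEN = {"token": {"user": {"name": "admin"},
                                  "project": {"id": "<id>", "name": "admin",
                                              "domain": {"name": "admin_domain"}}}}

if __name__ == "__main__":
    # Request body for a token scoped to the domain rather than to a project.
    print(json.dumps(auth_request("admin", "<password>", "admin_domain",
                                  domain="admin_domain"), indent=2))
    for sample in (SAMPLE_DOMAIN_TOKEN, SAMPLE_PROJECT_TOKEN):
        print(token_scope(sample))
```

Running `token_scope` on the body returned for the token actually in use shows which of the two cases the comment asks about applies.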