[RFE] Add charm option for enforce_new_defaults and enforce_scope
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Cinder Charm |
New
|
Undecided
|
Unassigned | ||
OpenStack Keystone Charm |
New
|
Undecided
|
Unassigned | ||
OpenStack Neutron API Charm |
New
|
Undecided
|
Unassigned | ||
OpenStack Nova Cloud Controller Charm |
New
|
Undecided
|
Unassigned | ||
OpenStack Nova Compute Charm |
In Progress
|
Wishlist
|
Unassigned | ||
OpenStack Placement Charm |
New
|
Undecided
|
Unassigned |
Bug Description
Hi,
When testing user access on openstack the users are able to create objects outside of their given access scopes. For example: Reader roles can create objects inside of projects. There is an upstream keystone issue for this: https:/
In that bug https:/
Currently the nova-compute charm does not enable this configuration value, and the issue is present, please see the test run at: https:/
[Edit]
With some further testing, the enforce_
Thanks,
Peter
https:/
https:/
description: | updated |
description: | updated |
description: | updated |
Changed in charm-nova-cloud-controller: | |
assignee: | nobody → Mustafa Kemal Gilor (mustafakemalgilor) |
status: | New → In Progress |
Changed in charm-nova-cloud-controller: | |
assignee: | Mustafa Kemal Gilor (mustafakemalgilor) → nobody |
status: | In Progress → New |
Changed in charm-nova-compute: | |
assignee: | nobody → Muhammad Ahmad (ahmadfsbd) |
Changed in charm-nova-compute: | |
assignee: | Muhammad Ahmad (ahmadfsbd) → nobody |
Note that this option was available from ussuri (but may have had issues associated with it). Need a discussion on which version(s) it should be made available for.