Comment 0 for bug 1960806

Revision history for this message
Peter De Sousa (pjds) wrote : [RFE] Add charm option for enforce_new_defaults

Hi,

When testing user access on openstack the users are able to create objects outside of their given access scopes. For example: Reader roles can create objects inside of projects. There is an upstream keystone issue for this: https://bugs.launchpad.net/keystone/+bug/1915193.

In that bug https://bugs.launchpad.net/keystone/+bug/1915193/comments/3 points to a enforce_new_defaults config value which is availabe in nova https://docs.openstack.org/nova/latest/configuration/sample-config.html.

Currently the nova-compute charm does not enable this configuration value, and the issue is present, please see the test run at: https://paste.ubuntu.com/p/NSgfGSmvJz/ the script to run these tests can be found at: https://private-fileshare.canonical.com/~pjds/nova-compute-kvm-tests/run_dsv_openstack_tests.sh

Thanks,

Peter