It turned out that the issue was that the port creation command was
taking around 2 minutes with the ML2 driver we were testing, and the
HAProxy from OpenStack Ansible had default reading timeouts of 50s.
** Changed in: neutron
Status: New => Invalid
** Also affects: openstack-ansible
Public bug reported:
I've set up a DevStack with Keystone using domain-specific backends.
I've then created a Domain-A with its domain-specific configuration
being:
[ldap]
url=ldap://ldap.server.com:389
user=cn=admin,dc=example,dc=com
password=secret
suffix=dc=example,dc=com
Public bug reported:
The operations for adding and removing a router interface are checking
the add_router_interface and remove_router_interface policies, which
are not listed in the sample policy.json. Instead, there one can find
these policies:
update_router:add_router_interface:
Public bug reported:
I'm trying to set a custom policy.json for Neutron based on new roles I
have defined.
In this task, I changed the default policy from rule: admin_or_owner
to rule:admin_only. After that, a bunch of operations stopped working,
including, for instance, a regular user deleting
Public bug reported:
Even though the default policy.json restrict the creation of external
networks to admin_only, any user can update a network as external.
I could verify this with the following test (PseudoPython):
project: ProjectA
user: ProjectMemberA has Member role on project ProjectA.
Public bug reported:
The way federation is implemented today needs Keystone to run on Apache
and have authentication performed by mod_shib. Therefore, a user trying
to authenticate via saml2, for instance, will have her/his REMOTE_USER
property defined.
The lines below of the method
Public bug reported:
The documentation of the Federation API [1] brings a lot of examples
where the local part of the rule does not have the user object with the
name property, such as:
{
user: {
name: user name
}
}
However one cannot get a token with Federation if the mapping
** Changed in: keystone
Status: Confirmed = Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1261847
Title:
User with admin role in one domain and role member in another
8 matches
Mail list logo