[Yahoo-eng-team] [Bug 1643991] Re: 504 Gateway Timeout when creating a port

It turned out that the issue was that the port creation command was taking around 2 minutes with the ML2 driver we were testing, and the HAProxy from OpenStack Ansible had default reading timeouts of 50s. ** Changed in: neutron Status: New => Invalid ** Also affects: openstack-ansible

[Yahoo-eng-team] [Bug 1385405] [NEW] Domain backed by a populated read-only domain-specific LDAP identity backend cannot be deleted

Public bug reported: I've set up a DevStack with Keystone using domain-specific backends. I've then created a Domain-A with its domain-specific configuration being: [ldap] url=ldap://ldap.server.com:389 user=cn=admin,dc=example,dc=com password=secret suffix=dc=example,dc=com

[Yahoo-eng-team] [Bug 1356678] [NEW] Adding and removing router interface uses a policy rule different from what there is the sample policy.json

Public bug reported: The operations for adding and removing a router interface are checking the add_router_interface and remove_router_interface policies, which are not listed in the sample policy.json. Instead, there one can find these policies: update_router:add_router_interface:

[Yahoo-eng-team] [Bug 1356679] [NEW] Neutron is checking stricter policies than an operator would expect

Public bug reported: I'm trying to set a custom policy.json for Neutron based on new roles I have defined. In this task, I changed the default policy from rule: admin_or_owner to rule:admin_only. After that, a bunch of operations stopped working, including, for instance, a regular user deleting

[Yahoo-eng-team] [Bug 1338880] [NEW] Any user can set a network as external

Public bug reported: Even though the default policy.json restrict the creation of external networks to admin_only, any user can update a network as external. I could verify this with the following test (PseudoPython): project: ProjectA user: ProjectMemberA has Member role on project ProjectA.

[Yahoo-eng-team] [Bug 1320128] [NEW] Verification for REMOTE_USER on auth.controllers.Auth breaks Federation

Public bug reported: The way federation is implemented today needs Keystone to run on Apache and have authentication performed by mod_shib. Therefore, a user trying to authenticate via saml2, for instance, will have her/his REMOTE_USER property defined. The lines below of the method

[Yahoo-eng-team] [Bug 1320140] [NEW] Federation documentation is not clear about mapping.rules.local.user.name

Public bug reported: The documentation of the Federation API [1] brings a lot of examples where the local part of the rule does not have the user object with the name property, such as: { user: { name: user name } } However one cannot get a token with Federation if the mapping

[Yahoo-eng-team] [Bug 1261847] Re: User with admin role in one domain and role member in another domain, usually works as admin but cannot generate a token using role member

** Changed in: keystone Status: Confirmed = Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1261847 Title: User with admin role in one domain and role member in another