Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

admin permissions (list and delete services) not working for cloud service in latest version #243

Open
AlvaroVega opened this issue Nov 4, 2024 · 4 comments
Open

admin permissions (list and delete services) not working for cloud service in latest version #243

AlvaroVega opened this issue Nov 4, 2024 · 4 comments

Comments

@AlvaroVega
Copy link
Member

latest versions has internal versions fo keystones upper than 1.19.0 and cloud_admin has not access to domains:

Keystone spassword latest:
[root@iot-keystone keystone]# rpm -qa | grep keystone
python3-keystoneauth1-5.1.3-1.el9s.noarch
python3-keystoneclient-5.1.0-4.el9.noarch
python3-keystonemiddleware-10.2.0-1.el9s.noarch
python3-keystone-23.0.2-1.el9s.noarch
openstack-keystone-23.0.2-1.el9s.noarch
keystone-scim-1.8.0-0.noarch
keystone-spassword-1.19.0-0.noarch

Keystone spassword 1.19.0

[root@iot-keystone keystone]# rpm -qa | grep keystone
python3-keystoneauth1-5.1.2-4.el9.noarch
python3-keystoneclient-5.1.0-4.el9.noarch
python3-keystonemiddleware-10.2.0-1.el9s.noarch
python3-keystone-23.0.1-1.el9s.noarch
openstack-keystone-23.0.1-1.el9s.noarch
keystone-scim-1.8.0-0.noarch
keystone-spassword-1.19.0-0.noarch
[root@iot-keystone keystone]#
exit
@AlvaroVega AlvaroVega changed the title admin permissions not working for cloud service in latest version admin permissions (list and delete services) not working for cloud service in latest version Nov 4, 2024
@AlvaroVega
Copy link
Member Author

admin still could create service/subservice, but not list or delete

@AlvaroVega
Copy link
Member Author

23.0.2

  • Remove reference to devstack-gate
  • Add domain scoping to list_domains
  • Allow domain admin to view roles
  • Allow domain users to manage credentials
  • Allow admin to access tokens and credentials
  • Add ability to create users and projects from keystone-manage
  • Fix old arm64 job template
  • Remove unused old job templates and experimental jobs
  • Normalize policy checks for domain-scoped tokens
  • Allow users with "admin" role to get projects
  • Fix policies for groups
  • Consistent and Secure RBAC (Phase 1)
  • Don't forget to check if authorization fails

23.0.1

  • Respect cached tokens issued before upgrade
  • Add an option to randomize LDAP urls list
  • Properly trimm bcrypt hashed passwords
  • docs: Clarify lack of LDAP assignment back end
  • fix(federation): allow using numerical group names
  • Remove Dependency on Cryptography >=36.0.0
  • Update TOX_CONSTRAINTS_FILE for stable/2023.1
  • Update .gitreview for stable/2023.1

23.0.0

  • OAuth 2.0 Mutual-TLS Support
  • Force algo specific maximum length
  • Add oidc federation test setup
  • Fix passenv syntax in tox and update python jobs
  • [PooledLDAPHandler] Ensure result3() invokes message.clean()
  • requirements: Bump linter requirements
  • Limit token expiration to application credential expiration
  • Update master for stable/zed

@AlvaroVega
Copy link
Member Author

openstack/keystone@23.0.1...23.0.2

@AlvaroVega
Copy link
Member Author

This bug is not reproduced using 1.19.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AlvaroVega