[Bug 1792783] Re: Cannot update Identity Roles in Rocky
Triaged to medium; there should be a fix for the openstack-dashboard charm to setup horizon to do this, but it can be done from the CLI as a workaround. ** Changed in: charm-openstack-dashboard Status: New => Confirmed ** Changed in: charm-openstack-dashboard Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
Perhaps I am dense, but this problem seems to affect me as well. I am using a brand-spanking new openstack-dashboard install out of JAAS.ai, and I cannot add roles using the admin user account provisioned during "juju deploy". I only following instructions for LDAP authentication for a new charmed Kubernetes install, and cannot make forward progress, because the documented setup requires that I create three roles that do not exist in an out-of-box deployment: https://ubuntu.com/kubernetes/docs/ldap If a neither users in the built-in "Admin" and "member" roles cannot create new roles, then who can? This charm seems pretty well broken as a result of this bug. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
The Ubuntu package installs the local_settings.py from "openstack_dashboard/local/local_settings.py.example" so I think that, as Albert noted, the package is doing the right thing. ** Changed in: cloud-archive Status: Triaged => Invalid ** Changed in: cloud-archive/rocky Status: Triaged => Invalid ** Changed in: horizon (Ubuntu) Status: Triaged => Invalid ** Changed in: horizon Status: Incomplete => Invalid ** Changed in: horizon (Ubuntu Cosmic) Status: Triaged => Invalid ** Also affects: charm-openstack-dashboard Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
On the other hand, charm-openstack-dashboard does not correctly setup REST_API_REQUIRED_SETTINGS for the change at Rocky: https://opendev.org/openstack/charm-openstack- dashboard/src/branch/master/templates/ocata/local_settings.py#L893 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/charm-openstack-dashboard/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
Has OPENSTACK_KEYSTONE_BACKEND been added to REST_API_REQUIRED_SETTINGS? After an upgrade from queens I did not have the "create role" option either. Adding OPENSTACK_KEYSTONE_BACKEND to REST_API_REQUIRED_SETTINGS fixed that. Both options are properly set in /etc/openstack- dashboard/local_settings.py.dpkg-dist, but I refused the new file to keep my local changes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
I did a little more digging and I'm still not sure what the problem is.
I can create/delete users, groups, projects, domains, but not roles as
there are no buttons.
For OPENSTACK_KEYSTONE_BACKEND in local_settings.py we have:
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
}
The keystone v3 policy looks fine and I'm using a cloud admin (not a
domain admin, so this is not the same as bug 1775227):
"admin_required": "role:Admin",
"cloud_admin": "rule:admin_required and
rule:domain_id:7b67d5a059154b45a5f4cb6f80310493",
...
"identity:get_role": "rule:admin_required",
"identity:list_roles": "rule:admin_required",
"identity:create_role": "rule:cloud_admin",
"identity:update_role": "rule:cloud_admin",
"identity:delete_role": "rule:cloud_admin",
# openstack commands to compare vs cloud_admin policy - truncated for
launchpad formatting
$ os domain list
+--++
| ID | Name |
+--++
| 7b67d5a059154b45a5f4cb6f80310493 | admin_domain |
+--++
$ os user show admin
+-+--+
| Field | Value|
+-+--+
| domain_id | 7b67d5a059154b45a5f4cb6f80310493 |
| email | juju@localhost |
| enabled | True |
| id | 70ffd1578204492b954792af2607bffd |
| name| admin|
| options | {} |
| password_expires_at | None |
+-+--+
$ os role list
+--+---+
| ID | Name |
+--+---+
| 8a01a3463f584c34a5c56282a90b53a7 | Admin |
+--+---+
$ os role assignment list -f json
...
{
"Role": "8a01a3463f584c34a5c56282a90b53a7",
"User": "70ffd1578204492b954792af2607bffd",
"Group": "",
"Project": "",
"Domain": "7b67d5a059154b45a5f4cb6f80310493",
"System": "",
"Inherited": false
},
...
Static assets are collected and compressed and apache2/memcached
restarted.
I've been testing with the Ubuntu package so I'll have to test this with
upstream and see what is different.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1792783
Title:
Cannot update Identity Roles in Rocky
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1792783/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
This is possibly explained by the following comments from LP:1775227: https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1775227/comments/5 https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1775227/comments/6 "I agree that the current horizon does not support role create/delete operations by domain admin." -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
I cannot reproduce this either. Note that I only this once but at that time I forgot to run collectstatic and compress, i.e., it was my mistake. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
Corey, could you please confirm that it's reproducible on upstream horizon? ** Changed in: horizon Status: New => Incomplete ** Changed in: horizon Assignee: (unassigned) => Corey Bryant (corey.bryant) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1792783] Re: Cannot update Identity Roles in Rocky
Rocky screenshot ** Attachment added: "Screenshot from 2018-09-16 05-38-01.png" https://bugs.launchpad.net/horizon/+bug/1792783/+attachment/5189426/+files/Screenshot%20from%202018-09-16%2005-38-01.png ** Also affects: horizon (Ubuntu) Importance: Undecided Status: New ** Changed in: horizon (Ubuntu) Status: New => Triaged ** Changed in: horizon (Ubuntu) Importance: Undecided => Medium ** Changed in: horizon (Ubuntu) Importance: Medium => High ** Also affects: cloud-archive Importance: Undecided Status: New ** Also affects: cloud-archive/rocky Importance: Undecided Status: New ** Changed in: cloud-archive/rocky Status: New => Triaged ** Changed in: cloud-archive/rocky Importance: Undecided => High ** Also affects: horizon (Ubuntu Cosmic) Importance: High Status: Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792783 Title: Cannot update Identity Roles in Rocky To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1792783/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
