> seems to work fine on train region but fails on rocky region

The user in your rocky region does not have the image_viewer, role_viewer, or role_admin roles assigned. Assign those roles to the user on the project and it will work.

> I would like to harden my ec2 keystone policy, like restricting number of credentials to be created, credentials validation, credentials TTL, etc. Is this the right forum to raise a new ticket or can I mail an expert directly?

See the documentation on using application credentials for how to set a TTL/expiration:

https://docs.openstack.org/keystone/latest/user/application_credentials.html

and the configuration options for application credentials for how to set a limit on them:

https://docs.openstack.org/keystone/latest/configuration/config-options.html#application-credential

If you still have questions, you can email openstack- [email protected] and include [keystone] in the subject line, or reach out on the freenode IRC network in the #openstack-keystone channel.

** Changed in: keystone
       Status: Incomplete => Invalid

https://bugs.launchpad.net/bugs/1866817

Title:
  Invalid input for field 'roles/0/id': 'role_admin' does not match '^[a-zA-Z0-9-]+$'

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  Hi,

  Please suggest how to fix the below error:

  I get this error when I execute for roles image_viewer, role_admin, role_viewer only, works fine with other roles.

  openstack application credential create --role image_viewer --secret test iv
  Invalid input for field 'roles/0/id': 'image_viewer' does not match '^[a-zA-Z0-9-]+$'

  Failed validating 'pattern' in schema['properties']['roles']['items']['properties']['id']:
      {'maxLength': 64,
       'minLength': 1,
       'pattern': '^[a-zA-Z0-9-]+$',
       'type': 'string'}

  On instance['roles'][0]['id']:
      'image_viewer' (HTTP 400) (Request-ID: req-92bd08a5-d151-41ca-b564-e8e981dd0539)

  openstack application credential create --role role_admin --secret test iv
  Invalid input for field 'roles/0/id': 'role_admin' does not match '^[a-zA-Z0-9-]+$'

  Failed validating 'pattern' in schema['properties']['roles']['items']['properties']['id']:
      {'maxLength': 64,
       'minLength': 1,
       'pattern': '^[a-zA-Z0-9-]+$',
       'type': 'string'}

  On instance['roles'][0]['id']:
      'role_admin' (HTTP 400) (Request-ID: req-d2388261-bd0d-4b02-9342-5d9ec32ceb6f)

  The request ID shows the same data, this is an old bug in nova:
  https://bugs.launchpad.net/nova/+bug/1491325
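
The failure mode explained in the reply above, as an added example that is not part of the original thread and is not keystone or client code: a role name that cannot be matched to one of the user's role assignments ends up in roles[].id unchanged and is rejected by the schema printed in the error. The pass-through in resolve_role and the sample role IDs are assumptions made for illustration.

```python
import re

# Schema for roles[].id exactly as printed in the HTTP 400 error above.
ROLE_ID_SCHEMA = {"maxLength": 64, "minLength": 1,
                  "pattern": "^[a-zA-Z0-9-]+$", "type": "string"}


def validate_role_id(value):
    """Return None if value satisfies the schema, else a reason string."""
    if not isinstance(value, str):
        return "not a string"
    if not ROLE_ID_SCHEMA["minLength"] <= len(value) <= ROLE_ID_SCHEMA["maxLength"]:
        return "length out of range"
    # JSON Schema 'pattern' is a search, not a full match; the anchors do the rest.
    if not re.search(ROLE_ID_SCHEMA["pattern"], value):
        return "does not match " + ROLE_ID_SCHEMA["pattern"]
    return None


def resolve_role(name, token_roles):
    """Map a role name to its ID using the user's role assignments.

    Assumption: a name with no matching assignment is passed through as the ID.
    """
    for role in token_roles:
        if name in (role["name"], role["id"]):
            return role["id"]
    return name


def check_request(role_names, token_roles):
    """Return {role_name: None or failure reason} for a create request."""
    return {n: validate_role_id(resolve_role(n, token_roles)) for n in role_names}


# Constructed sample assignments; the IDs are made-up placeholders.
TRAIN_ROLES = [
    {"id": "0f1e2d3c4b5a69788796a5b4c3d2e1f0", "name": "image_viewer"},
    {"id": "aa11bb22cc33dd44ee55ff6600112233", "name": "role_admin"},
    {"id": "9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e", "name": "member"},
]
ROCKY_ROLES = [{"id": "9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e", "name": "member"}]

if __name__ == "__main__":
    wanted = ["image_viewer", "role_admin", "member"]
    for region, roles in (("train", TRAIN_ROLES), ("rocky", ROCKY_ROLES)):
        for name, err in check_request(wanted, roles).items():
            print(region, name, "OK" if err is None else "HTTP 400: " + err)
```

Only names containing a character outside the pattern, such as the underscore, trip the schema check when unassigned, which is why the other roles in the report did not show this particular error.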

