Broken Role Assignment Filtering
ubuntu@dev:~$ env | grep OS
OS_CLOUD=devstack-domain-admin
ubuntu@dev:~$ cat /etc/openstack/clouds.yaml
clouds:
  devstack-domain-admin:
    auth:
      auth_url: http://10.0.3.122/identity
      password: nomoresecret
      domain_name: Default
      user_domain_id: default
      username: admin
    identity_api_version: '3'
    region_name: RegionOne
    volume_api_version: '3'
ubuntu@dev:~$ openstack role assignment list --names
+-------------+------------------+-------------------+----------------------------+---------+--------+-----------+
| Role        | User             | Group             | Project                    | Domain  | System | Inherited |
+-------------+------------------+-------------------+----------------------------+---------+--------+-----------+
| admin       | admin@Default    |                   | admin@Default              |         |        | False     |
| admin       | admin@Default    |                   | demo@Default               |         |        | False     |
| admin       | admin@Default    |                   | alt_demo@Default           |         |        | False     |
| admin       | admin@Default    |                   |                            | Default |        | False     |
| member      | alt_demo@Default |                   | alt_demo@Default           |         |        | False     |
| anotherrole | alt_demo@Default |                   | alt_demo@Default           |         |        | False     |
| service     | glance@Default   |                   | service@Default            |         |        | False     |
| member      |                  | nonadmins@Default | demo@Default               |         |        | False     |
| anotherrole |                  | nonadmins@Default | demo@Default               |         |        | False     |
| member      |                  | nonadmins@Default | alt_demo@Default           |         |        | False     |
| anotherrole |                  | nonadmins@Default | alt_demo@Default           |         |        | False     |
| admin       | demo@Users       |                   | admin@Default              |         |        | False     |
| member      | demo@Default     |                   | invisible_to_admin@Default |         |        | False     |
| member      | demo@Default     |                   | demo@Default               |         |        | False     |
| anotherrole | demo@Default     |                   | demo@Default               |         |        | False     |
| admin       |                  | admins@Default    | admin@Default              |         |        | False     |
+-------------+------------------+-------------------+----------------------------+---------+--------+-----------+
ubuntu@dev:~$ openstack role assignment list --names --system all --role member
You are not authorized to perform the requested action: identity:list_roles. (HTTP 403) (Request-ID: req-e2f163ad-74b1-46b3-9b00-d4a8f9bf8598)
ubuntu@dev:~$ openstack role assignment list --names --role member
You are not authorized to perform the requested action: identity:list_roles. (HTTP 403) (Request-ID: req-1afbb081-70d4-4abb-ad99-4b95605e6088)