Skip to content

Instantly share code, notes, and snippets.

@lbragstad lbragstad/behavior Secret
Last active Oct 4, 2019

Embed
What would you like to do?
Broken Role Assignment Filtering
ubuntu@dev:~$ env | grep OS
OS_CLOUD=devstack-domain-admin
ubuntu@dev:~$ cat /etc/openstack/clouds.yaml
clouds:
devstack-domain-admin:
auth:
auth_url: http://10.0.3.122/identity
password: nomoresecret
domain_name: Default
user_domain_id: default
username: admin
identity_api_version: '3'
region_name: RegionOne
volume_api_version: '3'
ubuntu@dev:~$ openstack role assignment list --names
+-------------+------------------+-------------------+----------------------------+---------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+-------------+------------------+-------------------+----------------------------+---------+--------+-----------+
| admin | admin@Default | | admin@Default | | | False |
| admin | admin@Default | | demo@Default | | | False |
| admin | admin@Default | | alt_demo@Default | | | False |
| admin | admin@Default | | | Default | | False |
| member | alt_demo@Default | | alt_demo@Default | | | False |
| anotherrole | alt_demo@Default | | alt_demo@Default | | | False |
| service | glance@Default | | service@Default | | | False |
| member | | nonadmins@Default | demo@Default | | | False |
| anotherrole | | nonadmins@Default | demo@Default | | | False |
| member | | nonadmins@Default | alt_demo@Default | | | False |
| anotherrole | | nonadmins@Default | alt_demo@Default | | | False |
| admin | demo@Users | | admin@Default | | | False |
| member | demo@Default | | invisible_to_admin@Default | | | False |
| member | demo@Default | | demo@Default | | | False |
| anotherrole | demo@Default | | demo@Default | | | False |
| admin | | admins@Default | admin@Default | | | False |
+-------------+------------------+-------------------+----------------------------+---------+--------+-----------+
ubuntu@dev:~$ openstack role assignment list --names --system all --role member
You are not authorized to perform the requested action: identity:list_roles. (HTTP 403) (Request-ID: req-e2f163ad-74b1-46b3-9b00-d4a8f9bf8598)
ubuntu@dev:~$ openstack role assignment list --names --role member
You are not authorized to perform the requested action: identity:list_roles. (HTTP 403) (Request-ID: req-1afbb081-70d4-4abb-ad99-4b95605e6088)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.