| manumoh | hey .. I am a bit confused about how role "user" is being used inside openstack. I have a tenant with role "user" and when I try to perform a glance image from horizon it throws 403 but cli works fine . Upon checking the glance policy I see only reference to reader/member/admin but not user https://github.com/openstack/glance/blob/master/glance/policies/base.py. | 12:01 |
|---|---|---|
| gtema | the role "user" is not anything standard upstream | 12:02 |
| manumoh | I am still on wallaby | 12:02 |
| gtema | I do not remember it ever existed | 12:02 |
| manumoh | wonder how its working as I don't have any custom policy and the default policy is moved into the code instead of policy.json . | 12:05 |
| manumoh | i'll dig deep .. @gtema thanks for the response | 12:05 |
| gtema | wlcm. Maybe you had it as custom some years ago | 12:06 |
| manumoh | if thats the case during the upgrades it will carry somewhere other than policy fiel | 12:07 |
| gtema | once you created role in keystone and assigned it to the user - it will persist through upgrades | 12:07 |
| gtema | but role in keystone is just a role. Services themselves give a meaning to the role | 12:08 |
| gtema | keystone on its own is not implementing/tracking policies for the roles | 12:08 |
| manumoh | ok | 12:15 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!