| *** queria is now known as Guest5862 | 02:25 | |
| *** queria is now known as Guest5863 | 02:31 | |
| *** rlandy is now known as rlandy|rover | 11:38 | |
| *** queria is now known as queria^afk | 15:20 | |
| mloza | hello, I'm having a keystone issue, I gave a user reader role at domain level, the user can list all projects but unable to list all instances | 19:22 |
|---|---|---|
| frickler | mloza: are you trying to use the --all-projects option? or listing instances for a specific project is failing? anyway this rather sounds like an issue with nova policies than with keystone | 19:44 |
| mloza | frickler: Both. Both throws 'Policy doesn't allow os_compute_api:servers:detail:get_all_tenants | 19:51 |
| mloza | however, in horizon, I can switch projects and see the instances | 19:52 |
| mloza | I given a user reader role at system level, same issue and also weird that i cannot list all projects | 19:55 |
| frickler | get_all_tenants likely is an admin-only operation | 19:55 |
| frickler | but you shouldn't be using that when looking at instances for a specific project | 19:56 |
| frickler | are you using OSC or some other client? | 19:57 |
| mloza | OSC | 19:58 |
| mloza | os_compute_api:servers:detail:get_all_tenants | 19:59 |
| mloza | Default | 19:59 |
| mloza | rule:system_reader_api | 19:59 |
| mloza | https://docs.openstack.org/nova/latest/configuration/policy.html | 19:59 |
| mloza | https://paste.opendev.org/show/b7jGPa7irPRR7W3OGRfy/ | 20:02 |
| frickler | hmm, indeed, that would be a bug in nova, then. I can try to reproduce tomorrow if noone else comes along, eod now | 20:03 |
| mloza | ok, thanks | 20:34 |
| *** rlandy|rover is now known as rlandy|rover|bbl | 22:16 | |
| *** sshnaidm is now known as sshnaidm|afk | 23:34 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!