Hey Boris, Any updates on this?
Cheers, -E -- Evan F. Bollig, PhD Scientific Computing Consultant, Application Developer | Scientific Computing Solutions (SCS) Minnesota Supercomputing Institute | msi.umn.edu University of Minnesota | umn.edu boll0...@umn.edu | 612-624-1447 | Walter Lib Rm 556 On Thu, Mar 9, 2017 at 4:08 PM, Evan Bollig PhD <boll0...@umn.edu> wrote: > Hey Boris, > > Which mapping? Hope you were looking for the shibboleth user > mapping. Also, hope this is the right way to share the paste (first > time using this): > http://paste.openstack.org/show/3snCb31GRZfAuQxdRouy/ > > Cheers, > -E > -- > Evan F. Bollig, PhD > Scientific Computing Consultant, Application Developer | Scientific > Computing Solutions (SCS) > Minnesota Supercomputing Institute | msi.umn.edu > University of Minnesota | umn.edu > boll0...@umn.edu | 612-624-1447 | Walter Lib Rm 556 > > > On Thu, Mar 9, 2017 at 7:50 AM, Boris Bobrov <bre...@cynicmansion.ru> wrote: >> Hi, >> >> Please paste your mapping to paste.openstack.org >> >> On 03/09/2017 02:07 AM, Evan Bollig PhD wrote: >>> I am on Ocata with Shibboleth auth enabled. I noticed that Federated >>> users with the admin role no longer have authorization to use the >>> Admin** panels in Horizon related to Nova, Cinder and Neutron. All >>> regular Identity and Project tabs function, and there are no problems >>> with authorization for local admin users. >>> >>> ----- >>> These Admin tabs work: Hypervisors, Host Aggregates, Flavors, Images, >>> Defaults, Metadata, System Information >>> >>> These result in logout: Instances, Volumes, Networks, Routers, Floating IPs >>> >>> This is not present: Overview >>> ----- >>> >>> The policies are vanilla from the CentOS/RDO openstack-dashboard RPMs: >>> openstack-dashboard-11.0.0-1.el7.noarch >>> python-django-horizon-11.0.0-1.el7.noarch >>> python2-keystonemiddleware-4.14.0-1.el7.noarch >>> python2-keystoneclient-3.10.0-1.el7.noarch >>> openstack-keystone-11.0.0-1.el7.noarch >>> python2-keystoneauth1-2.18.0-1.el7.noarch >>> python-keystone-11.0.0-1.el7.noarch >>> >>> The errors I see in logs are similar to: >>> >>> ==> /var/log/horizon/horizon.log <== >>> 2017-03-07 18:24:54,961 13745 ERROR horizon.exceptions Unauthorized: >>> Traceback (most recent call last): >>> File >>> "/usr/share/openstack-dashboard/openstack_dashboard/dashboards/admin/floating_ips/views.py", >>> line 53, in get_tenant_list >>> tenants, has_more = api.keystone.tenant_list(request) >>> File "/usr/share/openstack-dashboard/openstack_dashboard/api/keystone.py", >>> line 351, in tenant_list >>> manager = VERSIONS.get_project_manager(request, admin=admin) >>> File "/usr/share/openstack-dashboard/openstack_dashboard/api/keystone.py", >>> line 61, in get_project_manager >>> manager = keystoneclient(*args, **kwargs).projects >>> File "/usr/share/openstack-dashboard/openstack_dashboard/api/keystone.py", >>> line 170, in keystoneclient >>> raise exceptions.NotAuthorized >>> NotAuthorized >>> >>> Cheers, >>> -E >>> -- >>> Evan F. Bollig, PhD >>> Scientific Computing Consultant, Application Developer | Scientific >>> Computing Solutions (SCS) >>> Minnesota Supercomputing Institute | msi.umn.edu >>> University of Minnesota | umn.edu >>> boll0...@umn.edu | 612-624-1447 | Walter Lib Rm 556 >>> >>> __________________________________________________________________________ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
