-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhos-17.1.z, rhos-18.0.z
-
None
-
False
-
-
False
-
?
-
rhos-ops-platform-services-security
-
None
-
-
-
-
Moderate
To Reproduce Steps to reproduce the behavior:
- Deploy RHOSP 17.1
- Create an application credential with custom access rules
- Test the application credential by issuing a command that requires one of the rules defined above
- The command fails with an error like this:
$ openstack server list The request you have made requires authentication. (HTTP 401) (Request-ID: req-1d0e98cd-86d6-4723-ab81-7dda35051450)
Expected behavior
- Application credentials with custom access rules should work out-of-the-box
Bug impact
- Users can not use application credentials with custom rules
Known workaround
- Customers need to run through the process described in this article [0]
Additional context
- Custom access rules are allowed both through the web interface as well as the CLI
- This gives the impression that this feature is fully functional without any custom configuration of openstack services
- Customers need to have a better understanding of what the consequences are when changing the `[keystone_authtoken]/service_type` for one or multiple services.
- If changing these parameters has no negative consequence, then that should be the default configuration instead of being undefined.
[0] https://access.redhat.com/solutions/6965564
