search

osism / testbed

With this testbed, it is possible to run a full OSISM installation, the baseline of the Sovereign Cloud Stack, on an existing OpenStack environment such as Cleura or REGIO.cloud.
https://osism.tech/docs/guides/other-guides/testbed
Apache License 2.0
61 stars 26 forks source link

designate: admin/system credentials unable to view "ptr record" #2484

Open frosty-geek opened 2 months ago

frosty-geek commented 2 months ago

While playing around with PTR records and designate I noticed that I was unable (as admin/system) to list records which were accessible as normal user (test)

$ openstack --os-cloud test@testbed ptr record list
+------------------------------------------------+--------------------------+-------------+------+
| id                                             | ptrdname                 | description | ttl  |
+------------------------------------------------+--------------------------+-------------+------+
| RegionOne:8aae0548-5eda-4264-aedd-1c5ae2c11e45 |                          |             |      |
| RegionOne:af9634b8-2735-4662-bc5d-43c79daa2314 | www1.ay-8v.pco.internal. |             | 3600 |
+------------------------------------------------+--------------------------+-------------+------+
$ openstack --os-cloud admin@testbed ptr record list

$ openstack --os-cloud system@testbed ptr record list

$ openstack --os-cloud admin@testbed ptr record list --all-projects

$ openstack --os-cloud system@testbed ptr record list --all-projects

$ openstack --os-cloud test@testbed ptr record show RegionOne:af9634b8-2735-4662-bc5d-43c79daa2314
+-------------+------------------------------------------------+
| Field       | Value                                          |
+-------------+------------------------------------------------+
| action      | NONE                                           |
| address     | 192.168.112.151                                |
| description | None                                           |
| id          | RegionOne:af9634b8-2735-4662-bc5d-43c79daa2314 |
| ptrdname    | www1.ay-8v.pco.internal.                       |
| status      | ACTIVE                                         |
| ttl         | 3600                                           |
+-------------+------------------------------------------------+
$ openstack --os-cloud admin@testbed ptr record show RegionOne:af9634b8-2735-4662-bc5d-43c79daa2314
FloatingIP af9634b8-2735-4662-bc5d-43c79daa2314 in RegionOne is not associated for project "a35c7a15963d439a862ac451dcd03d70"
$ openstack --os-cloud system@testbed ptr record show RegionOne:af9634b8-2735-4662-bc5d-43c79daa2314
FloatingIP af9634b8-2735-4662-bc5d-43c79daa2314 in RegionOne is not associated for project "None"
berendt commented 2 months ago

I think the problem is that --all-projects only works inside the active domain scope and not for all domains.

dragon@testbed-manager:/opt/configuration/scripts/deploy$ openstack --os-cloud admin project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 33a6e50437e647a99b5c66db27ebb972 | admin   |
| 934f6a31390c4cfd8fb487a7779fee50 | test    |
| a4a257f3baf44c67a6c01817c577441c | service |
+----------------------------------+---------+
dragon@testbed-manager:/opt/configuration/scripts/deploy$ openstack --os-cloud admin ptr record list --sudo-project-id 934f6a31390c4cfd8fb487a7779fee50
+------------------------------------------------+----------+-------------+-----+
| id                                             | ptrdname | description | ttl |
+------------------------------------------------+----------+-------------+-----+
| RegionOne:0af976b5-e75e-488e-ab98-be37d2f608e5 |          |             |     |
+------------------------------------------------+----------+-------------+-----+

Also does not work with system_scope: all.

dragon@testbed-manager:~$ openstack --os-cloud system ptr record list --all-projects