admin permissions (list and delete services) not working for cloud service in latest version

telefonicaid / fiware-keystone-spassword

Keystone SPASSWORD is an OpenStack Keystone extension that enables some extra security checks over user passwords, as force the usage of strong passwords, expiration time for a password, number of bad login attempts before user account became temporarily blocked, a recover procedure password, second factor authentication (2FA), etc.

Apache License 2.0

3 stars 1 forks source link

latest versions has internal versions fo keystones upper than 1.19.0 and cloud_admin has not access to domains:

Keystone spassword latest: [root@iot-keystone keystone]# rpm -qa | grep keystone python3-keystoneauth1-5.1.3-1.el9s.noarch python3-keystoneclient-5.1.0-4.el9.noarch python3-keystonemiddleware-10.2.0-1.el9s.noarch python3-keystone-23.0.2-1.el9s.noarch openstack-keystone-23.0.2-1.el9s.noarch keystone-scim-1.8.0-0.noarch keystone-spassword-1.19.0-0.noarch

Keystone spassword 1.19.0

[root@iot-keystone keystone]# rpm -qa | grep keystone python3-keystoneauth1-5.1.2-4.el9.noarch python3-keystoneclient-5.1.0-4.el9.noarch python3-keystonemiddleware-10.2.0-1.el9s.noarch python3-keystone-23.0.1-1.el9s.noarch openstack-keystone-23.0.1-1.el9s.noarch keystone-scim-1.8.0-0.noarch keystone-spassword-1.19.0-0.noarch [root@iot-keystone keystone]# exit

23.0.2

Remove reference to devstack-gate
Add domain scoping to list_domains
Allow domain admin to view roles
Allow domain users to manage credentials
Allow admin to access tokens and credentials
Add ability to create users and projects from keystone-manage
Fix old arm64 job template
Remove unused old job templates and experimental jobs
Normalize policy checks for domain-scoped tokens
Allow users with "admin" role to get projects
Fix policies for groups
Consistent and Secure RBAC (Phase 1)
Don't forget to check if authorization fails

23.0.1

Respect cached tokens issued before upgrade
Add an option to randomize LDAP urls list
Properly trimm bcrypt hashed passwords
docs: Clarify lack of LDAP assignment back end
fix(federation): allow using numerical group names
Remove Dependency on Cryptography >=36.0.0
Update TOX_CONSTRAINTS_FILE for stable/2023.1
Update .gitreview for stable/2023.1

23.0.0

OAuth 2.0 Mutual-TLS Support
Force algo specific maximum length
Add oidc federation test setup
Fix passenv syntax in tox and update python jobs
[PooledLDAPHandler] Ensure result3() invokes message.clean()
requirements: Bump linter requirements
Limit token expiration to application credential expiration
Update master for stable/zed

telefonicaid / fiware-keystone-spassword