Documentation doesn't specify that admin credentials are needed to zone abandon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-designateclient |
Fix Released
|
Low
|
Ashish Kumar Gupta |
Bug Description
Using credential of tenant with member role.
Create a zone.
stack@user1:~$ openstack zone create u11.com. --email <email address hidden>
+------
| Field | Value |
+------
| action | CREATE |
| attributes | {} |
| created_at | 2016-09-
| description | None |
| email | <email address hidden> |
| id | f1025bba-
| masters | |
| name | u11.com. |
| pool_id | 794ccc2c-
| project_id | 67850ec5eba444e
| serial | 1474958499 |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | None |
| version | 1 |
+------
stack@user1:~$ openstack zone list
+------
| id | name | type | serial | status | action |
+------
| f1025bba-
+------
openstack zone abandon f1025bba-
forbidden
REQ: curl -g -i --cacert "/etc/ssl/
"POST /v2/zones/
RESP: [403] Date: Tue, 27 Sep 2016 06:43:31 GMT Content-Length: 92 Content-Type: application/json X-Openstack-
RESP BODY: {"code": 403, "type": "forbidden", "request_id": "req-54c0c508-
forbidden
Traceback (most recent call last):
File "/opt/stack/
result = cmd.run(
File "/opt/stack/
self.
File "/opt/stack/
client.
File "/opt/stack/
self.
File "/opt/stack/
return self.request(url, 'POST', **kwargs)
File "/opt/stack/
raise exceptions.
Forbidden: forbidden
clean_up AbandonZoneCommand: forbidden
Traceback (most recent call last):
File "/opt/stack/
ret_val = super(OpenStack
File "/opt/stack/
result = self.run_
File "/opt/stack/
ret_value = super(OpenStack
File "/opt/stack/
result = cmd.run(
File "/opt/stack/
self.
File "/opt/stack/
client.
File "/opt/stack/
self.
File "/opt/stack/
return self.request(url, 'POST', **kwargs)
File "/opt/stack/
raise exceptions.
Forbidden: forbidden
END return value: 1
stack@user1:~$
Expected : Acoording the specification http://
affects: | designate → python-designateclient |
summary: |
- Zone abandon is not allowed using non admin users + Documentation doesn't specify that admin credentials are needed to zone + abandon |
Changed in python-designateclient: | |
status: | New → Triaged |
importance: | Undecided → Low |
tags: | added: low-hanging-fruit |
tags: | added: docs |
This is a documentation bug, administrative privilege is required to abandon zones.