Open Stack

Hi Gabriel,

thank you for your answer!

On 11/01/2012 09:47 PM, Gabriel Hurley wrote:
> That's not unfinished; there's something amiss in your stack.
>
> The user settings saves things to the session, yes. The session
> length is configurable. That is by design, since Horizon pointedly
> avoids requiring persistent storage. There are future plans to
> utilize Keystone's user metadata to store some of these things more
> permanently.
yes, I understand that. Also, Django could save sessions to persistent 
storage.
>
> I'm curious exactly what "Forbidden" message you're getting on the
> OpenStack API page. A screenshot would be helpful.
>
http://www.matthias-runge.de/fedora/openstack-api-forbidden.png

So, my question was: when it's forbidden (by config, e.g through 
keystone), why do we show that link.

> The logout when you try to visit the EC2 page means that one of the
> underlying API calls is returning a 401 Unauthorized response. You'll
> need to look in your logs (probably one of the Nova logs) to see
> what's going on there.
>
Interesting trying both, when logged in as admin, everything as shown as 
expected. When logged in as demo user, I get redirected to:
http://localhost:8000/auth/login/?next=/settings/ec2/

When logging in as demo user again, I'm getting two error messages 
(those overlays) "Error: Unable to retrieve tenant list"
At the same time, in keystone log:
2012-11-02 10:18:53  WARNING [keystone.common.wsgi] You are not 
authorized to perform the requested action: admin_required

> Also, it's always helpful to know how you installed and configured
> your OpenStack installation, since any one of the numerous moving
> parts can be responsible for these problems bubbling up at the
> dashboard level.
I agree.

I installed it through openstack-demo-install

https://github.com/fedora-openstack/openstack-utils/blob/master/utils/openstack-demo-install

[mrunge at turing ~]$ keystone user-list | grep demo
| 8e59b583507b41e0963ed491906fcf4b |   demo  |   True  | 
admin at example.com  |

[mrunge at turing ~]$ keystone user-role-list --user-id 
8e59b583507b41e0963ed491906fcf4b

[mrunge at turing ~]$ keystone user-list

apparently, demo user has no special roles.

>
> - Gabriel
>

>> Hi,
>>
>> I have a question: using (folsom/master branch) horizon as a non
>> privileged user, the Settings menu has three panels:
>>
>> - "User Settings" (language, timezone), but nothing is saved other
>> than to the session. - "OpenStack API" brings up a "Forbidden"
>> message. Why is that link shown? IMHO it should be possible to
>> prevent showing that link. - "EC2 Credentials" following that link
>> immediately logs the (non-privileged) user off, without a warning
>> or giving a reason. ....
>>
>> Because this looks so unfinished/half finished, I'm writing to the
>> list, to ask, if anybody has a greater plan for this I didn't
>> see....
>>
>> Thanks, Matthias