[openstack-dev] Neutron permission issue

Ajay Kalambur (akalambu) akalambu at cisco.com
Fri Jul 11 17:05:57 UTC 2014


Hi
As a tenant when I try to create a router and associate a gateway with the router as a two step process in Horizon things work fine.
Now when I want to do the same thing through a create router API call with request below I get permission denied to create router

{
"router":
{
"name": "another_router",
"admin_state_up": true,
"external_gateway_info": {
"network_id": "3c5bcddd-6af9-4e6b-9c3e-c153e521cab8",
"enable_snat": false}
}
}
The network id in both cases is the same. This does not make sense to me


Traceback (most recent call last):

  File "vm-tp.py", line 54, in setUp

    ext_router = self.net.create_router(CONF.ROUTER_NAME, ext_net['id'])

  File "/Users/akalambu/python_venv/latest_code/pns/network.py", line 121, in create_router

    router = self.neutron_client.create_router(body)

  File "/Users/akalambu/python_venv/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 101, in with_params

    ret = self.function(instance, *args, **kwargs)

  File "/Users/akalambu/python_venv/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 398, in create_router

    return self.post(self.routers_path, body=body)

  File "/Users/akalambu/python_venv/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 1320, in post

    headers=headers, params=params)

  File "/Users/akalambu/python_venv/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 1243, in do_request

    self._handle_fault_response(status_code, replybody)

  File "/Users/akalambu/python_venv/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 1211, in _handle_fault_response

    exception_handler_v20(status_code, des_error_body)

  File "/Users/akalambu/python_venv/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 68, in exception_handler_v20

    status_code=status_code)

Forbidden: Policy doesn't allow create_router to be performed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140711/a9a5e736/attachment-0001.html>


More information about the OpenStack-dev mailing list