[openstack-dev] what permission is required to create a Keystone trust

Thomas Herve therve at redhat.com
Thu Sep 1 07:26:13 UTC 2016


On Thu, Sep 1, 2016 at 5:54 AM, Matt Jia <mjia at redhat.com> wrote:
> Hi,
>
> I am experimenting with the Keystone Trusts feature, using a script which
> creates a trust between two users.
>
> import keystoneclient.v3 as keystoneclient
> #import swiftclient.client as swiftclient
>
>
> auth_url_v3 = 'http://xxxt.com:5000/v3/'
>
>
> demo = keystoneclient.Client(auth_url=auth_url_v3,
>                              username='demo',
>                              password='openstack',
>                              project='demo')
> import pdb; pdb.set_trace()
> alt_demo = keystoneclient.Client(auth_url=auth_url_v3,
>                                  username='alt_demo',
>                                  password='openstack',
>                                  project='alt_demo')
>
> trust = demo.trusts.create(trustor_user=demo.user_id,
>                            trustee_user=alt_demo.user_id,
>                            project=demo.tenant_id)

I believe you need to at least specify one role to be able to create a
trust. You can't delegate all of the user's roles if you pass in a project.

-- 
Thomas
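
One way to apply the suggestion in the reply above: name the delegated roles explicitly and refuse to send a project-scoped request with an empty role list. This is an added example, not code from the thread or from keystoneclient; the helper name, the exception class and the one-hour default lifetime are assumptions, and `trustor_client` is assumed to be a `keystoneclient.v3` client authenticated as the trustor.

```python
from datetime import datetime, timedelta, timezone


class TrustRequestError(ValueError):
    """Raised before any API call when the delegation is under-specified."""


def create_scoped_trust(trustor_client, trustee_user_id, project_id,
                        role_names, lifetime=timedelta(hours=1),
                        impersonation=False):
    """Create a project-scoped trust that delegates only the named roles.

    Hypothetical helper: it uses only trustor_client.user_id and
    trustor_client.trusts.create(), the same call made in the quoted script.
    """
    # Normalise the role list: drop blanks and duplicates.
    roles = sorted({r.strip() for r in (role_names or []) if r and r.strip()})

    if not project_id:
        raise TrustRequestError("project_id is required for a scoped trust")
    if not roles:
        # The case from the thread: a project was passed but no role named.
        raise TrustRequestError(
            "name at least one role to delegate on project %s" % project_id)

    # Bound the delegation in time instead of leaving it open-ended.
    expires_at = datetime.now(timezone.utc) + lifetime

    return trustor_client.trusts.create(
        trustee_user=trustee_user_id,
        trustor_user=trustor_client.user_id,
        project=project_id,
        role_names=roles,            # explicit subset of the trustor's roles
        impersonation=impersonation,
        expires_at=expires_at,
    )
```

The roles passed in must be ones the trustor actually holds on that project; the helper only checks that the list is not empty.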


