[openstack-dev] what permission is required to create a Keystone trust
Thomas Herve
therve at redhat.com
Thu Sep 1 07:26:13 UTC 2016
On Thu, Sep 1, 2016 at 5:54 AM, Matt Jia <mjia at redhat.com> wrote:
> Hi,
>
> I am experimenting the Keystone Trusts feature with a script which creates a
> trust between two users.
>
> import keystoneclient.v3 as keystoneclient
> #import swiftclient.client as swiftclient
>
>
> auth_url_v3 = 'http:/xxxt.com:5000/v3/'
>
>
> demo = keystoneclient.Client(auth_url=auth_url_v3,
> username='demo',
> password='openstack',
> project='demo')
> import pdb; pdb.set_trace()
> alt_demo = keystoneclient.Client(auth_url=auth_url_v3,
> username='alt_demo',
> password='openstack',
> project='alt_demo')
>
> trust = demo.trusts.create(trustor_user=demo.user_id,
> trustee_user=alt_demo.user_id,
> project=demo.tenant_id)
I believe you need to at least specify one role to be able to create a
trust. You can't delegate all users roles if you pass in a project.
--
Thomas
More information about the OpenStack-dev
mailing list