<div dir="ltr">Hi,<br><br>I am experimenting the Keystone Trusts feature with a script which creates a trust between two users.<br><br>import keystoneclient.v3 as keystoneclient<br>#import swiftclient.client as swiftclient<br><br><br>auth_url_v3 = 'http:/<a target="_blank" href="http://xxxt.com:5000/v3/">xxxt.com:5000/v3/</a>'<br><br><br>demo = keystoneclient.Client(auth_<wbr>url=auth_url_v3,<br>                             username='demo',<br>                             password='openstack',<br>                             project='demo')<br>import pdb; pdb.set_trace()<br>alt_demo = keystoneclient.Client(auth_<wbr>url=auth_url_v3,<br>                              <wbr>   username='alt_demo',<br>                              <wbr>   password='openstack',<br>                              <wbr>   project='alt_demo')<br><br>trust = demo.trusts.create(trustor_<wbr>user=demo.user_id,<br>                           trustee_user=alt_demo.user_id,<br>                           project=demo.tenant_id)<br><br>When I run this script, I got this error:<br><br>Traceback (most recent call last):<br>  File "test_os_trust_1.py", line 20, in <module><br>    project=demo.tenant_id)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/v3/<wbr>contrib/trusts.py", line 75, in create<br>    **kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/base.<wbr>py", line 72, in func<br>    return f(*args, **new_kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/base.<wbr>py", line 328, in create<br>    self.key)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/base.<wbr>py", line 151, in _create<br>    return self._post(url, body, response_key, return_raw, **kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/base.<wbr>py", line 165, in _post<br>    resp, body = self.client.post(url, body=body, **kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>httpclient.py", line 635, in post<br>    return self._cs_request(url, 'POST', **kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>httpclient.py", line 621, in _cs_request<br>    return self.request(url, method, **kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>httpclient.py", line 596, in request<br>    resp = super(HTTPClient, self).request(url, method, **kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>baseclient.py", line 21, in request<br>    return self.session.request(url, method, **kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/utils.<wbr>py", line 318, in inner<br>    return func(*args, **kwargs)<br>  File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>session.py", line 354, in request<br>    raise exceptions.from_response(resp, method, url)<br>keystoneclient.openstack.<wbr>common.apiclient.exceptions.<wbr>Forbidden: You are not authorized to perform the requested action. (HTTP 403) (Request-ID: req-6898b073-d467-4f2a-acc0-<wbr>c4c0ca15970a)<br><br>Can anyone explain what sort of permission is required for the demo user to create a trust?<br><br>Cheers, Matt</div>