<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi, Matt!</p>
<p>The issue is most probably in the absence of roles being trusted,
which are required to create a trust.<br>
</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 01.09.2016 06:54, Matt Jia wrote:<br>
</div>
<blockquote
cite="mid:CAGDKJnrFT+utqvO-wd+ua5+UAmKd1OP464A57A7Ghkks-yLKnw@mail.gmail.com"
type="cite">
<div dir="ltr">Hi,<br>
<br>
I am experimenting the Keystone Trusts feature with a script
which creates a trust between two users.<br>
<br>
import keystoneclient.v3 as keystoneclient<br>
#import swiftclient.client as swiftclient<br>
<br>
<br>
auth_url_v3 = '<a class="moz-txt-link-freetext" href="http:/">http:/</a><a moz-do-not-send="true" target="_blank"
href="http://xxxt.com:5000/v3/">xxxt.com:5000/v3/</a>'<br>
<br>
<br>
demo = keystoneclient.Client(auth_<wbr>url=auth_url_v3,<br>
username='demo',<br>
password='openstack',<br>
project='demo')<br>
import pdb; pdb.set_trace()<br>
alt_demo = keystoneclient.Client(auth_<wbr>url=auth_url_v3,<br>
<wbr> username='alt_demo',<br>
<wbr> password='openstack',<br>
<wbr> project='alt_demo')<br>
<br>
trust = demo.trusts.create(trustor_<wbr>user=demo.user_id,<br>
trustee_user=alt_demo.user_id,<br>
project=demo.tenant_id)<br>
<br>
When I run this script, I got this error:<br>
<br>
Traceback (most recent call last):<br>
File "test_os_trust_1.py", line 20, in <module><br>
project=demo.tenant_id)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/v3/<wbr>contrib/trusts.py",
line 75, in create<br>
**kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/base.<wbr>py",
line 72, in func<br>
return f(*args, **new_kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/base.<wbr>py",
line 328, in create<br>
self.key)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/base.<wbr>py",
line 151, in _create<br>
return self._post(url, body, response_key, return_raw,
**kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/base.<wbr>py",
line 165, in _post<br>
resp, body = self.client.post(url, body=body, **kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>httpclient.py",
line 635, in post<br>
return self._cs_request(url, 'POST', **kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>httpclient.py",
line 621, in _cs_request<br>
return self.request(url, method, **kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>httpclient.py",
line 596, in request<br>
resp = super(HTTPClient, self).request(url, method,
**kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>baseclient.py",
line 21, in request<br>
return self.session.request(url, method, **kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/utils.<wbr>py",
line 318, in inner<br>
return func(*args, **kwargs)<br>
File "/usr/lib/python2.7/site-<wbr>packages/keystoneclient/<wbr>session.py",
line 354, in request<br>
raise exceptions.from_response(resp, method, url)<br>
keystoneclient.openstack.<wbr>common.apiclient.exceptions.<wbr>Forbidden:
You are not authorized to perform the requested action. (HTTP
403) (Request-ID: req-6898b073-d467-4f2a-acc0-<wbr>c4c0ca15970a)<br>
<br>
Can anyone explain what sort of permission is required for the
demo user to create a trust?<br>
<br>
Cheers, Matt</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>