[Openstack] creating trust failing
Michael Hearn
mrhearn at gmail.com
Thu Jul 10 15:48:02 UTC 2014
Want to use Trusts but when creating I am being told I do not have the
correct authorization e.g
*You are not authorized to perform the requested action.", "code": 403,
"title": "Forbidden*
Distro: Icehouse
Token: scoped at project level , and using admin user/pass
Policy File Rule: (opened it up) "identity:create_trust": ""
Keystone.conf: trust enabled
Command:
*curl -s -H X-Auth-Token: $TOKEN -H Content-Type: application/json -d {
"trust": { "expires_at": "2014-12-30T23:59:59.999999Z",
"impersonation": false, "project_id":
"470de03ce1e84009936151a91de19044", "roles": [ { "name":
"399c7033b0944fcbb471b474f5625c22" } ], "trustee_user_id":
"7d59da760f844f7fbf31f7a5b8f6b9e2", "trustor_user_id":
"4b132cedccb145a182f996225dde6af6"}}
http://xxxxxxxxxxxx:5000/v3/OS-TRUST/trusts
<http://xxxxxxxxxxxx:5000/v3/OS-TRUST/trusts>*
Keystone log file suggests the policy rule is fine but the endpoint access
is being denied on the PUT. A Get on /V3/OS-TRUST/trusts is not denied.
2014-07-10 10:23:51.506 17888 DEBUG keystone.openstack.common.policy [-]
Rule identity:create_trust will be now enforced enforce
/usr/lib/python2.6/site-packages/keystone/openstack/common/policy.py:258
2014-07-10 10:23:51.506 17888 DEBUG keystone.common.controller [-] RBAC:
Authorization granted inner
/usr/lib/python2.6/site-packages/keystone/common/controller.py:151
2014-07-10 10:23:51.514 17888 WARNING keystone.common.wsgi [-] You are not
authorized to perform the requested action.
2014-07-10 10:23:51.515 17888 INFO eventlet.wsgi.server [-] - -
[10/Jul/2014 10:23:51] "POST /v3/OS-TRUST/trusts HTTP/1.1" 403 252 0.020884
Any suggestions what is amiss?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140710/28cd01cb/attachment.html>
More information about the Openstack
mailing list