> > On 8/15/2019 1:09 AM, 崔恒香 wrote:

> > This is my problem with placement rest api.(Token and endpoint were

> > OK)

> >

> >          {"errors": [{"status": 403,

> >                           "title": "Forbidden",

> > "detail": "Access was denied to this resource.\n\n Policy does not

> > allow placement:resource_providers:list to be performed.  ",

> >                           "request_id":

> > "req-5b409f22-7741-4948-be6f-ea28c2896a3f"

> >                          }]}

 

> On 8/16/2019 3:24 PM, Matt Riedemann wrote:

> This doesn't give much information. Does the token have the admin role in it? Has the placement:resource_providers:list

> policy rule been changed from the default (rule:admin_api)?

 

As Matt said, you should  check you policy limit for your request user, it’s default role is “rule:admin_api” [1]. If your authenticated user is not admin, then the 403 error is normal.

 

[1] https://github.com/openstack/placement/blob/master/placement/handlers/resource_provider.py#L178

      https://github.com/openstack/placement/blob/master/placement/policies/resource_provider.py#L51

 

 

 

 

发件人: 崔恒香 [mailto:chx769467092@163.com]
发送时间: 2019年8月15日 13:21
收件人: openstack-discuss@lists.openstack.org
主题: [lists.openstack.org代发][question][placement][rest api][403]