[openstack-dev] [horizon] settings part
Matthias Runge
mrunge at redhat.com
Fri Nov 2 09:19:48 UTC 2012
Hi Gabriel,
thank you for your answer!
On 11/01/2012 09:47 PM, Gabriel Hurley wrote:
> That's not unfinished; there's something amiss in your stack.
>
> The user settings saves things to the session, yes. The session
> length is configurable. That is by design, since Horizon pointedly
> avoids requiring persistent storage. There are future plans to
> utilize Keystone's user metadata to store some of these things more
> permanently.
yes, I understand that. Also, Django could save sessions to persistent
storage.
>
> I'm curious exactly what "Forbidden" message you're getting on the
> OpenStack API page. A screenshot would be helpful.
>
http://www.matthias-runge.de/fedora/openstack-api-forbidden.png
So, my question was: when it's forbidden (by config, e.g through
keystone), why do we show that link.
> The logout when you try to visit the EC2 page means that one of the
> underlying API calls is returning a 401 Unauthorized response. You'll
> need to look in your logs (probably one of the Nova logs) to see
> what's going on there.
>
Interesting trying both, when logged in as admin, everything as shown as
expected. When logged in as demo user, I get redirected to:
http://localhost:8000/auth/login/?next=/settings/ec2/
When logging in as demo user again, I'm getting two error messages
(those overlays) "Error: Unable to retrieve tenant list"
At the same time, in keystone log:
2012-11-02 10:18:53 WARNING [keystone.common.wsgi] You are not
authorized to perform the requested action: admin_required
> Also, it's always helpful to know how you installed and configured
> your OpenStack installation, since any one of the numerous moving
> parts can be responsible for these problems bubbling up at the
> dashboard level.
I agree.
I installed it through openstack-demo-install
https://github.com/fedora-openstack/openstack-utils/blob/master/utils/openstack-demo-install
[mrunge at turing ~]$ keystone user-list | grep demo
| 8e59b583507b41e0963ed491906fcf4b | demo | True |
admin at example.com |
[mrunge at turing ~]$ keystone user-role-list --user-id
8e59b583507b41e0963ed491906fcf4b
[mrunge at turing ~]$ keystone user-list
apparently, demo user has no special roles.
>
> - Gabriel
>
>> Hi,
>>
>> I have a question: using (folsom/master branch) horizon as a non
>> privileged user, the Settings menu has three panels:
>>
>> - "User Settings" (language, timezone), but nothing is saved other
>> than to the session. - "OpenStack API" brings up a "Forbidden"
>> message. Why is that link shown? IMHO it should be possible to
>> prevent showing that link. - "EC2 Credentials" following that link
>> immediately logs the (non-privileged) user off, without a warning
>> or giving a reason. ....
>>
>> Because this looks so unfinished/half finished, I'm writing to the
>> list, to ask, if anybody has a greater plan for this I didn't
>> see....
>>
>> Thanks, Matthias
More information about the OpenStack-dev
mailing list