[openstack-dev] [keystone] [nova]

Nikolay Makhotkin nmakhotkin at mirantis.com
Wed Feb 11 15:52:18 UTC 2015


Hi!

I investigated trusts' use cases and encountered a problem: when I use an
auth_token obtained from keystoneclient using a trust, I get a *403* Forbidden
error:  *You are not authorized to perform the requested action.*

Steps to reproduce:

- Import v3 keystoneclient (used keystone and keystoneclient from master,
tried also to use stable/icehouse)
- Import v3 novaclient
- initialize the keystoneclient:
  keystone = keystoneclient.Client(
    username=username, password=password,
    tenant_name=tenant_name, auth_url=auth_url
  )

- create a trust:
  trust = keystone.trusts.create(
    keystone.user_id,
    keystone.user_id,
    impersonation=True,
    role_names=['admin'],
    project=keystone.project_id
  )

- initialize new keystoneclient:
  client_from_trust = keystoneclient.Client(
    username=username, password=password,
    trust_id=trust.id, auth_url=auth_url,
  )

- create nova client using new token from new client:
  nova = novaclient.Client(
    auth_token=client_from_trust.auth_token,
    auth_url=auth_url_v2,
    project_id=client_from_trust.project_id,
    service_type='compute',
    username=None,
    api_key=None
  )

- do a simple request to nova:
  nova.servers.list()

- get the error described above.


Maybe I misunderstood something, but what is wrong? I supposed I could just
work with nova as if it had been initialized using a direct token.

-- 
Best Regards,
Nikolay