[openstack-dev] [Monasca] Allowing 'admin' user and 'admin' project full access to Monasca

Pradip Mukhopadhyay pradip.interra at gmail.com
Tue Feb 2 16:45:58 UTC 2016


Following [1]
<https://github.com/openstack/monasca-api/tree/master/devstack>, I set up
Monasca (with all other services). I get the 'mini-mon' project;  'monasca'
service; 'monasca-agent', 'monasca-user' role and 'mini-mon',
'monasca-agent' users.

I can do all expected operations (alarm defn, alarm lising, metric push,
notifications) using mini-mon user and 'mini-mon' project as follows:

#monasca --os-username mini-mon --os-password password --os-project-name
mini-mon  notification-create pradipm_email_try EMAIL ....

However, I am getting an error when trying to do the same for 'admin' user
and 'admin' project:

$ monasca --os-username admin --os-password secretadmin --os-project-name
admin  notification-create pradipm_email EMAIL <...>
  "description": "Tenant ID is missing a required role to access this
  "title": "Forbidden"

How can I make it work for 'admin' user also?

There are following three files. Do I need to add 'admin' role in

1. /opt/stack/monasca-api/devstack/files/monasca-api/api-config.yml  //
admin is there (defaultAuthorizedRoles)

2. /opt/stack/monasca-api/java/src/main/resources/api-config.yml      //
admin not there

3. /etc/monasca/api-config.conf  // admin not there in
default_authorized_roles clause

Any help will be solicited.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160202/057d577f/attachment.html>

More information about the OpenStack-dev mailing list