[openstack-dev] what permission is required to create a Keystone trust
Matt Jia
mjia at redhat.com
Thu Sep 1 03:54:19 UTC 2016
Hi,
I am experimenting the Keystone Trusts feature with a script which creates
a trust between two users.
import keystoneclient.v3 as keystoneclient
#import swiftclient.client as swiftclient
auth_url_v3 = 'http:/xxxt.com:5000/v3/'
demo = keystoneclient.Client(auth_url=auth_url_v3,
username='demo',
password='openstack',
project='demo')
import pdb; pdb.set_trace()
alt_demo = keystoneclient.Client(auth_url=auth_url_v3,
username='alt_demo',
password='openstack',
project='alt_demo')
trust = demo.trusts.create(trustor_user=demo.user_id,
trustee_user=alt_demo.user_id,
project=demo.tenant_id)
When I run this script, I got this error:
Traceback (most recent call last):
File "test_os_trust_1.py", line 20, in <module>
project=demo.tenant_id)
File "/usr/lib/python2.7/site-packages/keystoneclient/v3/contrib/trusts.py",
line 75, in create
**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 72,
in func
return f(*args, **new_kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 328,
in create
self.key)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 151,
in _create
return self._post(url, body, response_key, return_raw, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 165,
in _post
resp, body = self.client.post(url, body=body, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/httpclient.py",
line 635, in post
return self._cs_request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/httpclient.py",
line 621, in _cs_request
return self.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/httpclient.py",
line 596, in request
resp = super(HTTPClient, self).request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/baseclient.py",
line 21, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/utils.py", line
318, in inner
return func(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/session.py", line
354, in request
raise exceptions.from_response(resp, method, url)
keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are not
authorized to perform the requested action. (HTTP 403) (Request-ID:
req-6898b073-d467-4f2a-acc0-c4c0ca15970a)
Can anyone explain what sort of permission is required for the demo user to
create a trust?
Cheers, Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160901/51ec71c5/attachment.html>
More information about the OpenStack-dev
mailing list