[Openstack] Odd Keystone Behaviour

Remo Mattei remo at italy1.com
Thu Feb 6 16:13:42 UTC 2014 

I agree that’s why I was saying to try a different user. If you add a user it will not be part of the admin anyhow, by default.

Remo 

On Feb 6, 2014, at 11:09, Craig Jellick <cjellick at godaddy.com> wrote:

> If you're using the default policy.json file, this seems to be the
> expected behavior.
> The "list_user_projects" method has an access rule of "admin_or_owner".
> All the other calls you mentioned have a rule of "admin_required".
> 
> So, I'd say that most likely the user you are using does not have the role
> "admin".
> 
> 
> /Craig J
> 
> 
> 
> 
> On 2/6/14 8:19 AM, "Remo Mattei" <remo at italy1.com> wrote:
> 
>> Seems a permissions issue did you try a different user?
>> 
>> Remo
>> 
>> On Feb 6, 2014, at 10:09, Daniel Ellison <daniel at syrinx.net> wrote:
>> 
>>> Hey all,
>>> 
>>> I've run into an issue with a Havana Keystone install on CentOS 6.3.
>>> When I issue a command such as:
>>> 
>>>   keystone user-list
>>> 
>>> I get in response:
>>> 
>>>   Unable to authorize user
>>> 
>>> This happens with service-list, endpoint-list, role-list, etc. Oddly,
>>> it does NOT happen with tenant-list; I get a proper list of tenants in
>>> response.
>>> 
>>> Running the commands with "--debug", the response body to a "/tokens"
>>> request for all was identical aside from the token itself and
>>> timestamps. The difference came after that, where most of the *-list
>>> commands returned "Unable to authorize user" except for tenant-list,
>>> which returned the list of tenants.
>>> 
>>> There is one reference to this issue at
>>> http://docs.openstack.org/havana/install-guide/install/yum/content/keysto
>>> ne-verify.html#comment-1143923155 so I know I'm not the only one having
>>> this issue. The key is that ONE of the commands works while all the rest
>>> don't.
>>> 
>>> Any ideas?
>>> _______________________________________________
>>> Mailing list: 
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe : 
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> 
>>> 
>>> 
>> 
>> 
>> _______________________________________________
>> Mailing list: 
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe : 
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> 
> 
> !DSPAM:1,52f3b3e674461390257870!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140206/72e94282/attachment.html>

More information about the Openstack mailing list