[Openstack] Keystone: Get Project List not working with domain admin token
Ratnadeep Bhattacharjee
bhatt246 at yahoo.com
Tue Feb 17 23:26:32 UTC 2015
I have set up my openstack environment with V3 Keystone domains enabled after reading a few blogs (notably this one: http://www.florentflament.com/blog/setting-keystone-v3-domains.html). I am not able to get the list of projects in a given domain when querying as the domain admin. Below are the steps I followed:
1. I created an admin domain and added the ID of the domain to my new policy.json file (which is a copy of the latest policy.v3cloudsample.json): "admin_required": "role:admin", "cloud_admin": "rule:admin_required and domain_id:43eebba390b64b86ad073f690f76ee7f", "service_role": "role:service",....
2. Restarted keystone.
3. I went ahead and created a new domain: dom1. A new user (admin1) for that domain and assigned admin role to that user. admin1 is now supposed to be the domain admin for dom1. I logged in as admin1 with scope set to domain id of dom1 and have a valid token as well. The body of the post request was as follows:
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "domain": { "id": "6a530272037f4672b41e5be12b2d1670" }, "name": "admin1", "password": "admin123" } } }, "scope": { "domain": { "id": "6a530272037f4672b41e5be12b2d1670" } } }}
4. I then created two projects in the domain dom1.
5. Now when I try to get a list of all the projects in that domain using HTTP GET /keystone/v3/projects API call (and passing the admin1 login token) I get a 403 error with the following response:
{
- "error": {
- "code": 403,
- "message": "You are not authorized to perform the requested action: identity:list_projects",
- "title": "Forbidden"
}
}
What am I missing? Would really appreciate any pointers...
Regards,-Deep.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150217/100b731a/attachment.html>
More information about the Openstack
mailing list