[Openstack] Cannot assign admin role to domain user

Steve Martinelli stevemar at ca.ibm.com
Wed Jan 7 02:37:14 UTC 2015


That call should return a 204. Is there any stack trace or error message? 

If I had to best guess, the only exceptions that raise a 403 error are 
pretty specific,
but one is the Forbidden exception:
https://github.com/openstack/keystone/blob/master/keystone/exception.py#L190-L194

Which happens when you don't have a role to perform the action.
By default, in policy.json you need to have the user performing the action 
would
need the admin role: 
https://github.com/openstack/keystone/blob/master/etc/policy.json#L78

Steve

Ratnadeep Bhattacharjee <bhatt246 at yahoo.com> wrote on 01/06/2015 06:25:50 
PM:

> From: Ratnadeep Bhattacharjee <bhatt246 at yahoo.com>
> To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Date: 01/06/2015 06:32 PM
> Subject: [Openstack] Cannot assign admin role to domain user
> 
> Hi, 
> 
> I am trying to make a HTTP PUT request to assign admin role to a 
> given user in a given domain: 
> 
> http://host:port/keystone/v3/domains/
> 16faa0dcebc94ca0ad83807d5c628754/users/
> bd0bf9040f0a47ce9cd09610f4c7dc17/roles/52580a3e2e164aca9e46b8c013bc7e18
> as per the documentation in http://developer.openstack.org/api-ref-
> identity-v3.html but I get a HTTP 403 error. I am quite sure the 
> domain, user and role IDs are valid. Any idea what I might be doing 
> wrong? Do I have to set any special flags in keystone for this to 
succeed?
> 
> Regards,
> -Deep.
> _______________________________________________
> Mailing list: 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150106/3efd9914/attachment.html>


More information about the Openstack mailing list