Hi !
I investigated trust's use cases and encountered the problem: When I use
auth_token obtained from keystoneclient using trust, I get *403* Forbidden
error: *You are not authorized to perform the requested action.*
Steps to reproduce:
- Import v3 keystoneclient (used keystone and keystoneclient from master,
tried also to use stable/icehouse)
- Import v3 novaclient
- initialize the keystoneclient:
keystone = keystoneclient.Client(username=username, password=password,
tenant_name=tenant_name, auth_url=auth_url)
- create a trust:
trust = keystone.trusts.create(
keystone.user_id,
keystone.user_id,
impersonation=True,
role_names=['admin'],
project=keystone.project_id
)
- initialize new keystoneclient:
client_from_trust = keystoneclient.Client(
username=username, password=password,
trust_id=trust.id, auth_url=auth_url,
)
- create nova client using new token from new client:
nova = novaclient.Client(
auth_token=client_from_trust.auth_token,
auth_url=auth_url_v2,
project_id=from_trust.project_id,
service_type='compute',
username=None,
api_key=None
)
- do simple request to nova:
nova.servers.list()
- get the error described above.
Maybe I misunderstood something but what is wrong? I supposed I just can
work with nova like it was initialized using direct token.
--
Best Regards,
Nikolay
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
