Hi all, My previous message was sent incomplete. Sorry for that. Here it is the correct one.
I'm currently working on the virtual organisations (VO) management code and I would like to add the functionallity that when a user creates a VO Role, he automatically joins it. Since VO Roles are represented as Groups, I need to create a new group and add my own user into it. I have noticed that when I call the methods *add_user_to_group* and *remove_user_from_group* from the identity_api, the actions are performed correctly, but I get my token invalidated and receive the following error message: [Thu Feb 19 00:41:23 2015] [error] 11764 WARNING keystone.middleware.core [-] *RBAC: Invalid token* [Thu Feb 19 00:41:23 2015] [error] 11764 WARNING keystone.common.wsgi [-] The request you have made requires authentication. (Disable debug mode to suppress these details.) I have also tested using the original horizon UI for adding and removing users to groups and tried to remove my own user from a group. I got exaclty the same behaviour, so I think the problem is not related to my code. Does anyone know if this is the expected behaviour? I think that maybe because the groups can be associated to roles, this roles should be added to or removed from the token. Therefore, the token needs to be replaced by a new one with new privileges. But, I think this could be done automatically, instead of invalidating the old ones and forcing the users to log out and in. Does it make sense to you? Is there an easy way to avoid the token to be invalidated? PS: I'm still working on the icehouse version, so this issue can already be addressed in newer releases. Regards, Ioram Sette
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev