** Project changed: openstack-manuals => python-keystoneclient ** Tags added: keystoneclient
** Tags added: policy ** Project changed: python-keystoneclient => keystone -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1553864 Title: domain admin policy fail in keystonclient Status in OpenStack Identity (keystone): New Bug description: In my case: I changed identity api to v3 export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 Create domain_admin openstack domain create domain1 openstack user create domain1_admin --domain domain1 --password xxxx openstack project create domain1_admin --domain domain1 openstack role add --user domain1_admin --domain domain1 admin openstack role add --user domain1_admin --project domain1_admin admin And changed policy file to policy.v3cloudsample.json https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json cp policy.v3cloudsample.json /etc/keystone/policy.json Use domain_admin to review project list openstack project list --domain domain1 You are not authorized to perform the requested action: identity:list_projects (HTTP 403) (Request-ID: req-e68fc8ab-c723-49ca-a9f4-cbfa4594f514) In debug mode: I found {"error": {"message": "You are not authorized to perform the requested action: identity:list_domains", "code": 403, "title": "Forbidden"}} so.. I modify policy "identity:list_domains": "rule:cloud_admin" >>> "identity:list_domains": "rule:admin_required" And it's worked. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1553864/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
