"release": "3.2.1",
"nailgun_sha": "51fd1d386b8cfc425cb258c4fa1cdb1ebb9e5a6e",
"ostf_sha": "c70535553616d3c2f8b0bccced54361c06f76f97",
"astute_sha": "df6ddea3abc93fbe1cab9b4534d4d5e9508c95d6",
"fuellib_sha": "e1e14026d78848597ef19c7ff73651d2103adab0"
1. Create new environment (CentOS, HA mode)
2. Add 3 controllers, 1 compute, 3 cinder nodes
3. Start deployment. It was successful
4. Go to Horizon
5. Create new user with role member
6. Login into Horizon inder added user
7. Click in left menu to Containers. Error presents "Unable to retrive container list"
Warning in ./node-6.domain.tld/dashboard-horizon.exceptions.log
warning: WARNING ESC[31;1mRecoverable error: Account GET failed: http://172.16.0.6:8080/v1/AUTH_ac5ea7a5870a4f938540fc98ac307fc5?format=json&limit=1001 403 Forbidden [first 60 chars of response] <html><h1>Forbidden</h1><p>Access was denied to this resourcESC[0m
This problem relates to the core problem that Swift admin tasks are quite limited in Horizon and by default, Swift is reserved for Admins only.
I'm paraphrasing documentation from these two sources:
http://
http://
The expected tenant admin behavior is as follows:
1 - Users who should manage all swift object stores should be given SwiftOperator role (it exists in our conf, but not the role itself)
2 - Users who should get a container should have an object created for them (CLI only, not via Horizon)
3 - Non-privileged users who don't get assigned any containers don't have any swift access at all.
The error in Horizon is correct because unless you're a Swift operator, you don't get to list any objects.
We have two routes to solve this:
1 - Create SwiftOperator role when deploying Fuel so that it can be delegated for a project if needed. (We should definitely do this)
2 - Allow (either always or with a config option) admin swift access for users by default by calling swift::