Bug #1414252 “Horizon throws unauthorized 403 error for cloud ad...” : Bugs : OpenStack Identity (keystone)

Sumanth (avadhanisumanth1) on 2015-03-09

Changed in keystone:
status:	New → Confirmed
status:	Confirmed → New

Sumanth (avadhanisumanth1) on 2015-03-09

Changed in keystone:
status:	New → Confirmed

Sumanth (avadhanisumanth1) on 2015-03-29

Changed in keystone:
status:	Confirmed → New

Revision history for this message

Lin Hua Cheng (lin-hua-cheng) wrote on 2015-04-14:

#1

have to you set the OPENSTACK_API_VERSIONS in the horizon setting to v3?

OPENSTACK_API_VERSIONS = {
"identity": 3,
}

Also, can you add the horizon and keystone logs?

Changed in keystone:
status:	New → Incomplete

Revision history for this message

Damien BRIENS (dbriens) wrote on 2015-06-01:

#2

I have the same problem...

in /opt/stack/horizon/openstack_dashboard/local/local_settings.py I have:

OPENSTACK_API_VERSIONS = {
"identity": 3,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
OPENSTACK_KEYSTONE_URL="http://10.0.2.15:5000/v3"

and the keystone log:
2015-06-01 17:20:28.478815 23842 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'2c622ed8fd214d1eb93f7c1f32a8a297', 'roles': [u'admin'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=N_npq13XRkqrSeRsfWIklw, audit_chain_id=Nre272pGR2OZMDeM32zGYg) at 0x7fa05223ce30>, 'project_id': u'9f76327906024506b2dc60645831fd2e', 'trust_id': None} process_request /opt/stack/keystone/keystone/middleware/core.py:240
2015-06-01 17:20:28.481652 23842 INFO keystone.common.wsgi [-] GET /domains
2015-06-01 17:20:28.481899 23842 DEBUG keystone.common.controller [-] RBAC: Authorizing identity:list_domains() _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:57
2015-06-01 17:20:28.482039 23842 DEBUG keystone.common.controller [-] RBAC: using auth context from the request environment _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:62
2015-06-01 17:20:28.482264 23842 DEBUG keystone.common.controller [-] RBAC: Adding query filter params () wrapper /opt/stack/keystone/keystone/common/controller.py:189
2015-06-01 17:20:28.482476 23842 DEBUG keystone.policy.backends.rules [-] enforce identity:list_domains: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'2c622ed8fd214d1eb93f7c1f32a8a297', 'roles': [u'admin'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=N_npq13XRkqrSeRsfWIklw, audit_chain_id=Nre272pGR2OZMDeM32zGYg) at 0x7fa05223ce30>, 'project_id': u'9f76327906024506b2dc60645831fd2e', 'trust_id': None} enforce /opt/stack/keystone/keystone/policy/backends/rules.py:76
2015-06-01 17:20:28.483649 23842 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action: identity:list_domains (Disable debug mode to suppress these details.)
9f76327906024506b2dc60645831fd2e2015-06-01 17:21:35.424607 23838 DEBUG keystone.middleware.core [-] RBAC: auth_context: {} process_request /opt/stack/keystone/keystone/middleware/core.py:240

I have the same problem...

in /opt/stack/horizon/openstack_dashboard/local/local_settings.py I have:

OPENSTACK_API_VERSIONS = {
    "identity": 3,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
OPENSTACK_KEYSTONE_URL="http://10.0.2.15:5000/v3"

and the keystone log:
2015-06-01 17:20:28.478815 23842 DEBUG keystone.middleware.core [-] RBAC: auth_context: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'2c622ed8fd214d1eb93f7c1f32a8a297', 'roles': [u'admin'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=N_npq13XRkqrSeRsfWIklw, audit_chain_id=Nre272pGR2OZMDeM32zGYg) at 0x7fa05223ce30>, 'project_id': u'9f76327906024506b2dc60645831fd2e', 'trust_id': None} process_request /opt/stack/keystone/keystone/middleware/core.py:240
2015-06-01 17:20:28.481652 23842 INFO keystone.common.wsgi [-] GET /domains
2015-06-01 17:20:28.481899 23842 DEBUG keystone.common.controller [-] RBAC: Authorizing identity:list_domains() _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:57
2015-06-01 17:20:28.482039 23842 DEBUG keystone.common.controller [-] RBAC: using auth context from the request environment _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:62
2015-06-01 17:20:28.482264 23842 DEBUG keystone.common.controller [-] RBAC: Adding query filter params () wrapper /opt/stack/keystone/keystone/common/controller.py:189
2015-06-01 17:20:28.482476 23842 DEBUG keystone.policy.backends.rules [-] enforce identity:list_domains: {'is_delegated_auth': False, 'access_token_id': None, 'user_id': u'2c622ed8fd214d1eb93f7c1f32a8a297', 'roles': [u'admin'], 'trustee_id': None, 'trustor_id': None, 'consumer_id': None, 'token': <KeystoneToken (audit_id=N_npq13XRkqrSeRsfWIklw, audit_chain_id=Nre272pGR2OZMDeM32zGYg) at 0x7fa05223ce30>, 'project_id': u'9f76327906024506b2dc60645831fd2e', 'trust_id': None} enforce /opt/stack/keystone/keystone/policy/backends/rules.py:76
2015-06-01 17:20:28.483649 23842 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action: identity:list_domains (Disable debug mode to suppress these details.)
9f76327906024506b2dc60645831fd2e2015-06-01 17:21:35.424607 23838 DEBUG keystone.middleware.core [-] RBAC: auth_context: {} process_request /opt/stack/keystone/keystone/middleware/core.py:240

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-08-01:

#3

[Expired for Keystone because there has been no activity for 60 days.]

Changed in keystone:
status:	Incomplete → Expired

OpenStack Identity (keystone)

Horizon throws unauthorized 403 error for cloud admin in domain setup

Bug Description

Other bug subscribers

Remote bug watches