When authorized within a limited-scope context, i.e. a trust / oauth / application credential with a limited role, e.g. "monitoring_viewer" or "viewer", it is still possible to create EC2 credentials. The user can then auth against Keystone using the EC2 credentials and obtain all project roles of the trust/oauth/application_credential owner.
I prepared a tool to auth against keystone using ec2 credentials: https://github.com/kayrus/ec2auth
* auth against keystone using trust/oauth/application_credential credentials
* issue ec2 credentials: "openstack ec2 credentials create"
* authenticate against keystone using ec2 credentials: "ec2auth --access 7522162ced8f4e3eb9502168ef199584 --secret c558d9401a6943bbbb77a83ce910e5a5 --debug"
You'll see that the returned token contains all owner roles.
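A regression check for the behaviour reported above, added here as an example and not part of the original report or of Keystone: it compares the roles in a delegated token with the roles in the token later obtained through EC2 credentials and returns any roles beyond the delegated scope. The token bodies are constructed samples shaped like the "token" object of a Keystone v3 response; the ids and the "member" and "admin" role names are assumptions.

```python
# Added example, not code from the report. Token bodies below are constructed
# samples shaped like the "token" object of a Keystone v3 token response.
DELEGATION_KEYS = ("OS-TRUST:trust", "OS-OAUTH1", "application_credential")


def delegation_kind(token):
    """Return the delegation section present in a token body, or None."""
    return next((k for k in DELEGATION_KEYS if k in token), None)


def role_names(token):
    """Set of role names carried by a token body."""
    return {role["name"] for role in token.get("roles", [])}


def escalated_roles(delegated_token, ec2_token):
    """Roles the EC2-derived token holds beyond the delegated token's roles."""
    if delegation_kind(delegated_token) is None:
        raise ValueError("first token was not issued through a delegation")
    # Comparing role sets only makes sense for the same user and project.
    for field in ("user", "project"):
        if delegated_token[field]["id"] != ec2_token[field]["id"]:
            raise ValueError(f"tokens are for different {field}s")
    return role_names(ec2_token) - role_names(delegated_token)


# Constructed sample: token from an application credential limited to "viewer".
LIMITED = {
    "user": {"id": "u-1"},
    "project": {"id": "p-1"},
    "roles": [{"id": "r-1", "name": "viewer"}],
    "application_credential": {"id": "ac-1", "name": "ro", "restricted": True},
}
# Constructed sample: token returned for EC2 credentials created with LIMITED,
# showing the behaviour the report describes (all owner roles present).
VIA_EC2 = {
    "user": {"id": "u-1"},
    "project": {"id": "p-1"},
    "roles": [{"id": "r-1", "name": "viewer"}, {"id": "r-2", "name": "member"},
              {"id": "r-3", "name": "admin"}],
}

if __name__ == "__main__":
    extra = escalated_roles(LIMITED, VIA_EC2)
    print("roles beyond delegated scope:", sorted(extra) or "none")
```

An empty result is the expected outcome on a deployment where EC2 credentials inherit the restrictions of the delegation they were created under.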