1.I have created a user,tenant and ec2 credentials using keystone and didnt associated a role
then try to run
$ euca-describe-images
Unauthorized: Failure communicating with keystone2
2.then associated a role to the user
$keystone user-role-add --user-id ee32bff3e1524a2b82fe804aac0ce682 --tenant-id cf38a72df8a14bb8984c699edfceb1c3 --role-id 26760c0f9ed045fcb70112f7b16813b3
3.then again I ran
$ euca-describe-images
IMAGE ami-00000002 None (cirros-0.3.0-x86_64-uec) 597b866b450d491f889b9432a564e9a9 available public machineaki-00000001 ari-00000003 instance-store
IMAGE ari-00000003 None (cirros-0.3.0-x86_64-uec-ramdisk) 597b866b450d491f889b9432a564e9a9 available public ramdisk instance-store
IMAGE aki-00000001 None (cirros-0.3.0-x86_64-uec-kernel) 597b866b450d491f889b9432a564e9a9 available public kernel instance-store
5.now the user doesn't have any role associated,now again run
$ euca-describe-images
IMAGE ami-00000002 None (cirros-0.3.0-x86_64-uec) 597b866b450d491f889b9432a564e9a9 available public machineaki-00000001 ari-00000003 instance-store
IMAGE ari-00000003 None (cirros-0.3.0-x86_64-uec-ramdisk) 597b866b450d491f889b9432a564e9a9 available public ramdisk instance-store
IMAGE aki-00000001 None (cirros-0.3.0-x86_64-uec-kernel) 597b866b450d491f889b9432a564e9a9 available public kernel instance-store
here user should get the message as in step 2 but it was successful.
Steps to reproduce:
1.I have created a user,tenant and ec2 credentials using keystone and didnt associated a role images
then try to run
$ euca-describe-
Unauthorized: Failure communicating with keystone2
2.then associated a role to the user b82fe804aac0ce6 82 --tenant-id cf38a72df8a14bb 8984c699edfceb1 c3 --role-id 26760c0f9ed045f cb70112f7b16813 b3
$keystone user-role-add --user-id ee32bff3e1524a2
3.then again I ran images 0.3.0-x86_ 64-uec) 597b866b450d491 f889b9432a564e9 a9 available public machineaki-00000001 ari-00000003 instance-store 0.3.0-x86_ 64-uec- ramdisk) 597b866b450d491 f889b9432a564e9 a9 available public ramdisk instance-store 0.3.0-x86_ 64-uec- kernel) 597b866b450d491 f889b9432a564e9 a9 available public kernel instance-store
$ euca-describe-
IMAGE ami-00000002 None (cirros-
IMAGE ari-00000003 None (cirros-
IMAGE aki-00000001 None (cirros-
4.remove the user-role b82fe804aac0ce6 82 --tenant-id cf38a72df8a14bb 8984c699edfceb1 c3 --role-id 26760c0f9ed045f cb70112f7b16813 b3
keystone user-role-delete --user-id ee32bff3e1524a2
5.now the user doesn't have any role associated,now again run images 0.3.0-x86_ 64-uec) 597b866b450d491 f889b9432a564e9 a9 available public machineaki-00000001 ari-00000003 instance-store 0.3.0-x86_ 64-uec- ramdisk) 597b866b450d491 f889b9432a564e9 a9 available public ramdisk instance-store 0.3.0-x86_ 64-uec- kernel) 597b866b450d491 f889b9432a564e9 a9 available public kernel instance-store
$ euca-describe-
IMAGE ami-00000002 None (cirros-
IMAGE ari-00000003 None (cirros-
IMAGE aki-00000001 None (cirros-
here user should get the message as in step 2 but it was successful.
not sure if this is a bug with keystone or ec2.