Create trust failed with permission to list roles

Bug #1658582 reported by hongbin on 2017-01-23
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description

To reproduce the error:

$ source /opt/stack/devstack/openrc admin admin
$ TRUSTOR_ID=`openstack user list | awk '/ admin /{print $2}'`
$ TRUSTEE_ID=`openstack user list | awk '/ demo /{print $2}'`
$ source /opt/stack/devstack/openrc demo demo
$ openstack trust create --project demo --role Member $TRUSTOR_ID $TRUSTEE_ID
You are not authorized to perform the requested action: identity:list_roles (HTTP 403) (Request-ID: req-10468575-f0db-4f66-82b9-77b912ee6fbe)

If trustor is non-admin, he/she won't have enough permission to list roles. The create trust command should handle this case.

hongbin (hongbin034) on 2017-01-23
Changed in python-openstackclient:
assignee: nobody → hongbin (hongbin034)
Changed in python-openstackclient:
status: New → In Progress

Submitter: Jenkins
Branch: master

commit 5cf77bb672eeb28327cac8bc0a8227c8b7137819
Author: Hongbin Lu <email address hidden>
Date: Mon Jan 23 00:04:02 2017 -0600

    Handle 403 error on creating trust

    Currently, creating trust requires permission to list roles, but
    non-admin users don't have permission to do that by default. This
    commit adds exception handling on listing roles, and continue to
    create trust if server returns 403.

    Closes-Bug: #1658582
    Change-Id: I4f016b76cb46ae07ef65ed54780881bbcd6210d3

Changed in python-openstackclient:
status: In Progress → Fix Released

This issue was fixed in the openstack/python-openstackclient 3.8.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers