Create trust failed with permission to list roles
Bug #1658582 reported by
hongbin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-openstackclient |
Fix Released
|
Undecided
|
hongbin |
Bug Description
To reproduce the error:
$ source /opt/stack/
$ TRUSTOR_
$ TRUSTEE_
$ source /opt/stack/
$ openstack trust create --project demo --role Member $TRUSTOR_ID $TRUSTEE_ID
You are not authorized to perform the requested action: identity:list_roles (HTTP 403) (Request-ID: req-10468575-
If trustor is non-admin, he/she won't have enough permission to list roles. The create trust command should handle this case.
Changed in python-openstackclient: | |
assignee: | nobody → hongbin (hongbin034) |
Changed in python-openstackclient: | |
status: | New → In Progress |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/423917 /git.openstack. org/cgit/ openstack/ python- openstackclient /commit/ ?id=5cf77bb672e eb28327cac8bc0a 8227c8b7137819
Committed: https:/
Submitter: Jenkins
Branch: master
commit 5cf77bb672eeb28 327cac8bc0a8227 c8b7137819
Author: Hongbin Lu <email address hidden>
Date: Mon Jan 23 00:04:02 2017 -0600
Handle 403 error on creating trust
Currently, creating trust requires permission to list roles, but
non-admin users don't have permission to do that by default. This
commit adds exception handling on listing roles, and continue to
create trust if server returns 403.
Closes-Bug: #1658582 07ef65ed5478088 1bbcd6210d3
Change-Id: I4f016b76cb46ae