On 01/09/2018 11:57 AM, Akshay Kapoor wrote: > Hello Everyone ! > > I am facing some issues with the Openstack CLI > > Scenario: > > I have a domain admin user account (say 'A') > > I want to assign this user as an 'admin' to two projects X and Y in > the same domain. > > When I trigger the command 'openstack --insecure role add --user > "$OS_USERNAME" --project "X" admin' , I get the following error: > > The request you have made requires authentication. (HTTP 401) Are you sure your credentials are right when authenticating? Based solely on the information provided there could be a couple of things happening. The first is that the credentials provided to make the call are incorrect. The second is that the user your attempting to authenticate as to make the call doesn't have a role on the project keystoneauth is trying to get a scoped token for (which can be denoted using
If you were able to get a token and use it to make the call and if you didn't have the right permissions to assign roles to other users you'd be seeing a 403 instead of a 401. Those are just a couple suggestions based on the information provided. If you have access to the keystone logs you should see log warning or debug messaging that might be more helpful (depending on the configuration). Keystone does provide an administrator account during the bootstrap process [0] which should have the proper role to do these operations according to the default policies. [0] https://docs.openstack.org/keystone/latest/admin/identity-bootstrap.html > > > How can I add this admin user as an admin to two different tenants > (where this admin account has no role previously). Once this role > assignment is done, I want to setup rbac access between two projects > 'X' and 'Y' > > > Any help would be really appreciated. Thanks > > > Best Regards, > Akshay > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
signature.asc
Description: OpenPGP digital signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
