Actually, "identity:get_project" : "" seems ok, there's plenty of other actions with that lack of restriction. get_auth_catalog, get_auth_domains, get_region.
> On Feb 5, 2016, at 2:55 PM, Abel Lopez <[email protected]> wrote: > > After digging around and switching my distribution to RDO (I was testing OSP8 > beta) > I saw that the error was 403 forbidden to do "identity:get_project", which by > policy is "admin_only" > I'm currently testing with of the more lax rules allow it to work, as simply > setting it to "" worked, but is too open IMO. > >> On Feb 5, 2016, at 7:59 AM, Abel Lopez <[email protected] >> <mailto:[email protected]>> wrote: >> >> Nah, I had that error previously, and added the keymgr section. >> Just seeing a bunch of 404s when horizon tries to get the "project Id" using >> the /tenant URL. >> >> On Friday, February 5, 2016, Matt Fischer <[email protected] >> <mailto:[email protected]>> wrote: >> Are you seeing the cinder Volume limit error? >> >> If that's the issue the work around is here in the bug description. >> >> https://bugs.launchpad.net/tripleo/+bug/1521639 >> <https://bugs.launchpad.net/tripleo/+bug/1521639> >> On Feb 4, 2016 10:31 PM, "Abel Lopez" <[email protected] >> <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: >> Hey everyone, >> In my liberty testing, I've got keystone v3 setup, and everything seems to >> work, except certain cinder functions >> >> Using openstack client, I can boot an instance from image to a new volume. >> Using horizon, this fails. I have followed the v3 guides, having setup >> local_settings to have OPENSTACK_API_VERSION with 'identity': 3, >> and also having the /v3 endpoint. >> >> The logs indicate that horizon can't find the tenant id. When I saw this >> using the CLI, the fix was to add the 'endpoint_template' substituting >> "tenant_id" with "project_id" >> >> Does anyone know of any additional changes needed to make horizon work with >> auth v3 backend? >> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> [email protected] >> <javascript:_e(%7B%7D,'cvml','[email protected]');> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators> >> >
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
