Hi,
I have a user with the admin role in the default domain.
I want to create a project-scoped token using this user, but I am getting a 401 error.

The following is the exact setup:
Keystone: Juno version using identity v3 APIs
Domain: default
User: admin (has admin role assigned to default domain)
Project: testscope (created inside the default domain)

The curl command to create the project-scoped token:
# curl -k -i -H "Content-Type: application/json" \
    -d '{"auth": {"identity": {"methods": ["password"], "password": {"user":
         {"name": "admin", "domain": {"id": "default"}, "password": "admin"}}},
         "scope": {"project": {"name": "testscope",
         "domain": {"id": "default"}}}}}' \
    "https://keystone:5000/v3/auth/tokens?nocatalog"

HTTP/1.1 401 Unauthorized
{"error": {"message": "The request you have made requires authentication.", 
"code": 401, "title": "Unauthorized"}}

But if I assign admin role to the Project then everything works fine.
My question is - why should I assign admin role to the project, even though I 
am a domain admin?
Shouldn’t a domain admin have access to all projects within it by default?

Thanks
Suresh
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack