Last active
February 3, 2018 05:18
-
-
Save kumarcv/8015275 to your computer and use it in GitHub Desktop.
Keystone v3 - issue with project creation using domain admin creds
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Create a domain | |
| =============== | |
| POST /v3/domains | |
| X-Auth-Token: ravi | |
| Request | |
| ``` | |
| { | |
| "domain": { | |
| "description": "test vpc 1", | |
| "enabled": true, | |
| "name": "vpc1" | |
| } | |
| } | |
| ``` | |
| Resonse | |
| ``` | |
| { | |
| links: { | |
| self: "http://10.244.66.250:5000/v3/domains/84e05262896e4049989315a55266cfc8" | |
| } | |
| - | |
| enabled: true | |
| description: "test vpc 1" | |
| name: "vpc1" | |
| id: "84e05262896e4049989315a55266cfc8" | |
| } | |
| ``` | |
| Create a User | |
| ============= | |
| POST /v3/users | |
| X-Auth-Token:ravi | |
| Request | |
| ``` | |
| { | |
| "user": { | |
| "description": "vpc1 domain1 project1 user1", | |
| "domain_id": "84e05262896e4049989315a55266cfc8", | |
| "email": "user@domain1project1.com", | |
| "enabled": true, | |
| "name": "vpc1admin", | |
| "password": "ravi" | |
| } | |
| } | |
| ``` | |
| Response | |
| ``` | |
| { | |
| user: { | |
| links: { | |
| self: "http://10.244.66.250:5000/v3/users/9f0137a0e4f24212b74b5aa80f17054f" | |
| } | |
| description: "vpc1 domain1 project1 user1" | |
| name: "vpc1admin" | |
| id: "9f0137a0e4f24212b74b5aa80f17054f" | |
| enabled: true | |
| domain_id: "84e05262896e4049989315a55266cfc8" | |
| email: "user@domain1project1.com" | |
| } | |
| } | |
| ``` | |
| Get a Token for vpc1admin | |
| ========================= | |
| GET /v3/auth/tokens | |
| Request | |
| ``` | |
| { | |
| "auth": { | |
| "identity": { | |
| "methods": [ | |
| "password" | |
| ], | |
| "password": { | |
| "user": { | |
| "domain": { | |
| "name": "vpc1" | |
| }, | |
| "name": "vpc1admin", | |
| "password": "ravi" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| ``` | |
| Response | |
| Token: a2c7d292afc34539a3bae7018b56c8a3 | |
| ``` | |
| { | |
| token: { | |
| issued_at: "2013-12-17T22:21:32.836748Z" | |
| extras: {} | |
| methods: [1] | |
| 0: "password" | |
| - | |
| expires_at: "2013-12-18T22:21:32.836726Z" | |
| user: { | |
| domain: { | |
| id: "84e05262896e4049989315a55266cfc8" | |
| name: "vpc1" | |
| } | |
| - | |
| id: "9f0137a0e4f24212b74b5aa80f17054f" | |
| name: "vpc1admin" | |
| } | |
| - | |
| } | |
| - | |
| } | |
| ``` | |
| Grant the vpc1admin as admin for domain vpc1 | |
| ============================================ | |
| PUT /v3/domains/84e05262896e4049989315a55266cfc8/users/9f0137a0e4f24212b74b5aa80f17054f/roles/27fc4da10f164ea1ab55428a89b0fe9c | |
| Get the roles for vpc1admin for domain vpc1 | |
| =========================================== | |
| GET v3/domains/84e05262896e4049989315a55266cfc8/users/9f0137a0e4f24212b74b5aa80f17054f/roles/ | |
| Response | |
| ``` | |
| { | |
| links: { | |
| self: "http://10.244.66.250:5000/v3/domains/84e05262896e4049989315a55266cfc8/users/9f0137a0e4f24212b74b5aa80f17054f/roles" | |
| previous: null | |
| next: null | |
| } | |
| roles: [1] | |
| 0: { | |
| id: "27fc4da10f164ea1ab55428a89b0fe9c" | |
| links: { | |
| self: "http://10.244.66.250:5000/v3/roles/27fc4da10f164ea1ab55428a89b0fe9c" | |
| } | |
| name: "admin" | |
| } | |
| } | |
| ``` | |
| vpc1admin has "admin" role as expected | |
| Create a Project using vpc1admin token | |
| ====================================== | |
| POST /v3/projects | |
| X-Auth-Token: a2c7d292afc34539a3bae7018b56c8a3 | |
| Request | |
| ``` | |
| { | |
| "project": { | |
| "description": "test vpc 1 project", | |
| "enabled": true, | |
| "name": "vpc1 project1", | |
| "domain_id": "84e05262896e4049989315a55266cfc8" | |
| } | |
| } | |
| ``` | |
| Response | |
| ``` | |
| { | |
| error: { | |
| message: "You are not authorized to perform the requested action, identity:create_project." | |
| code: 403 | |
| title: "Forbidden" | |
| } | |
| } | |
| ``` | |
| Fix - Thanks to Dolph | |
| ==== | |
| 1) Get a token using domain in the scope | |
| POST /v3/tokens | |
| Request | |
| ``` | |
| { | |
| "auth": { | |
| "identity": { | |
| "methods": [ | |
| "password" | |
| ], | |
| "password": { | |
| "user": { | |
| "domain": { | |
| "name": "vpc1" | |
| }, | |
| "name": "vpc1admin", | |
| "password": "ravi" | |
| } | |
| } | |
| }, | |
| "scope": { | |
| "domain": { | |
| "id": "84e05262896e4049989315a55266cfc8" | |
| } | |
| } | |
| } | |
| } | |
| ``` | |
| Token got is 3ee15419e8084731a3654414d2e300d2 | |
| 2) Create a project | |
| POST /v3/projects | |
| X-Auth-Token: 3ee15419e8084731a3654414d2e300d2 | |
| Request | |
| ``` | |
| { | |
| "project": { | |
| "description": "test vpc 1 ", | |
| "enabled": true, | |
| "name": "vpc1project1", | |
| "domain_id": "84e05262896e4049989315a55266cfc8" | |
| } | |
| } | |
| ``` | |
| Response | |
| ``` | |
| { | |
| project: { | |
| description: "test vpc 1 " | |
| links: { | |
| self: "http://10.244.66.250:5000/v3/projects/26d8d8b68d7e4424819ccd15da9760a9" | |
| } | |
| enabled: true | |
| id: "26d8d8b68d7e4424819ccd15da9760a9" | |
| domain_id: "84e05262896e4049989315a55266cfc8" | |
| name: "vpc1project1" | |
| } | |
| } | |
| ``` | |
| ``` | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment