问题
I have an instance of Keyrock in fiware lab.
in my app, im trying to create user with api as Fiware keystone api create user and access with horizon.
now i check user:
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" http://localhost:5000/v3/users/admin | python -mjson.tool
response:
> {
> "user": {
> "default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e",
> "description": "admin",
> "domain_id": "default",
> "email": "admin@gmail.com",
> "enabled": true,
> "id": "admin",
> "links": {
> "self": "http://localhost:5000/v3/users/admin1"
> },
> "name": "admin@gmail.com",
> "username": "admin"
> } }
now name field is correct, but i cant log with this user in my Horizon. If i check the keystone.log, i can see this:
2016-09-21 12:28:50.353 1483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1
2016-09-21 12:28:50.445 1482 WARNING keystone.auth.controllers [-] User admin doesn't have access to default project d0f384973b9f4a57b975fcd9bef10c6e. The token will be unscoped rather than scoped to the project.
2016-09-21 12:28:50.767 1481 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action: identity:revoke_token
2016-09-21 12:29:42.900 1483 WARNING keystone.common.controller [-] RBAC: Bypassing authorization
and in Horizon:
Of course, the log explains problem: "User admin doesn't have access to default project d0f384973b9f4a57b975fcd9bef10c6e" But, how can i set permissions to this user in project?
回答1:
You have to use the request:
PUT /v3/projects/{project_id}/users/{user_id}/roles/{role_id}
as explained in Keystone roles documentation
来源:https://stackoverflow.com/questions/39617005/keystone-create-user-and-permissions-by-api