Is there a way to allow non-admin to create some sub-projects ?
Hi, I use KeystoneV3 and Juno on Ubuntu 14.04. I wish allows all users to lists and creates projects into a defined root project. Root project is named "testzone".
I've try this couple of rules :
"inprojectzone": "'84a51db0fc4747b48e72fe45f35892e2':%(target.project.parents)s",
...
"identity:create_project": "rule:admin_required or rule:inprojectzone",
I've tried target.project.parents or target.project.parent_id without results...
Here is the code used to try to create projects
parent=admclient.projects.list(name='freezone')[0]
# ok
admclient.projects.create(domain="default", name="oui", description='My test projects', parent=parent)
Keystone answers
keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are not authorized to perform the requested action: identity:create_project
Is there a way to allows sub-projects creation to role or all into a defined project ?
Thank you, Tristanlt