Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Authorization problem when using "WaitCondition" by non-admin tenant user

Hello,

I am trying template https://github.com/openstack/heat-templates/blob/master/cfn/WordPress_With_LB.template

I use a non-admin tenant user.

I get "CREATE_FAILED " error when creating the stack.

/var/log/heat/engine.log shows error as below: 2013-07-31 14:13:58.655 48115 ERROR heat.engine.resource [-] create WaitConditionHandle "WaitHandle" 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource Traceback (most recent call last): 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource File "/usr/lib/python2.6/site-packages/heat/engine/resource.py", line 320, in create 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource self.handle_create() 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource File "/usr/lib/python2.6/site-packages/heat/engine/resources/wait_condition.py", line 89, in handle_create 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource self.physical_resource_name()) 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource File "/usr/lib/python2.6/site-packages/heat/common/heat_keystoneclient.py", line 67, in create_stack_user 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource enabled=True) 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource File "/usr/lib/python2.6/site-packages/keystoneclient/v2_0/users.py", line 108, in create 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource return self._create('/users', params, "user") 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource File "/usr/lib/python2.6/site-packages/keystoneclient/base.py", line 88, in _create 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource resp, body = self.api.post(url, body=body) 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 414, in post 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource return self._cs_request(url, 'POST', *kwargs) 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 404, in _cs_request 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource *kwargs) 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource File "/usr/lib/python2.6/site-packages/keystoneclient/client.py", line 366, in request 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource raise exceptions.from_response(resp, resp.text) 2013-07-31 14:13:58.655 48115 TRACE heat.engine.resource Forbidden: Unable to communicate with identity service: {"error": {"message": "You are not authorized to perform the requested action: admin_required", "code": 403, "title": "Not Authorized"}}. (HTTP 403)

If I use an admin tenant user, creating stack works fine without error.

Is it a problem or something I did wrong ?

Kimi