Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Is there a way to allow non-admin to create some sub-projects ?

Hi, I use KeystoneV3 and Juno on Ubuntu 14.04. I wish allows all users to lists and creates projects into a defined root project. Root project is named "testzone".

I've try this couple of rules :

"inprojectzone": "'84a51db0fc4747b48e72fe45f35892e2':%(target.project.parents)s",
...
"identity:create_project": "rule:admin_required or rule:inprojectzone",

I've tried target.project.parents or target.project.parent_id without results...

Here is the code used to try to create projects

parent=admclient.projects.list(name='freezone')[0]
# ok
admclient.projects.create(domain="default", name="oui", description='My test projects', parent=parent)

Keystone answers

keystoneclient.openstack.common.apiclient.exceptions.Forbidden: You are not authorized to perform the requested action: identity:create_project

Is there a way to allows sub-projects creation to role or all into a defined project ?

Thank you, Tristanlt