Roman, It's not fully supported, right now domain, project ,user management isn't supported within admin user or domain user, but you can login in with domain user and operate as a normal user.
2014-05-06 16:23 GMT+08:00 Roman Bodnarchuk <roman.bodnarc...@indigitus.ch>: > Hello, > > Does this mean that there is no real support for non-default domains in > Horizon? > > Thanks, > Roman > > > On 5/5/2014 2:30 PM, Yaguang Tang wrote: > > I think this is an common requirement for users who want to keystone v3. I > filed a blueprint for it > https://blueprints.launchpad.net/horizon/+spec/domain-based-rbac. > > > 2014-04-24 23:30 GMT+08:00 Roman Bodnarchuk <roman.bodnarc...@indigitus.ch > >: > >> Hello, >> >> As far as I can tell, Horizon uses python-openstack-auth to authenticate >> users. In the same time, openstack_auth.KeystoneBackend.authenticate >> method generates only project scoped tokens. >> >> After enabling policy checks in Keystone, I tried to view a list of all >> projects on Admin panel and got "*Error: *Unauthorized: Unable to >> retrieve project list." on dashboard and the next in Keystone log: >> >> enforce identity:list_projects: {'project_id': >> u'80d91944f5af4c53ad5df4e386376e08', 'group_ids': [], 'user_id': >> u'ed14fd91122b47d2a6f575499ed0c4bb', 'roles': [u'admin']} >> ... >> WARNING keystone.common.wsgi [-] You are not authorized to perform the >> requested action, identity:list_projects. >> >> This is expected, since user's token is scoped to project, and no access >> to domain-wide resources should be allowed. >> >> How to work-around this? Is it possible to use policy checks on Keystone >> side while working with Horizon? >> >> I am using stable/icehouse and Keystone API v3. >> >> Thanks, >> Roman >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Tang Yaguang > > Canonical Ltd. | www.ubuntu.com | www.canonical.com > Mobile: +86 152 1094 6968 > gpg key: 0x187F664F > > > > _______________________________________________ > OpenStack-dev mailing > listOpenStack-dev@lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Tang Yaguang Canonical Ltd. | www.ubuntu.com | www.canonical.com Mobile: +86 152 1094 6968 gpg key: 0x187F664F
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
