[Yahoo-eng-team] [Bug 1544721] Re: Policy for listing service providers requires admin

Mon, 01 Aug 2016 13:51:25 -0700 

** Changed in: keystone
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1544721

Title:
  Policy for listing service providers requires admin

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  When creating a v3 keystoneclient using non admin credentials I'm able
  to get the list of service providers from the service catalog, but the
  policy doesn't allow to list or get service providers by default.

  >>> ksclient2.service_catalog.catalog[u'service_providers']
  [{u'sp_url': u'http://xxx.xxx.xxx.xxx:5000/Shibboleth.sso/SAML2/ECP', 
u'auth_url': 
u'http://xxx.xxx.xxx.xxx:35357/v3/OS-FEDERATION/identity_providers/keystone-idp/protocols/saml2/auth',
 u'id': u'keystone-sp'}]

  >>> ksclient2.federation.service_providers.list()
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File 
"/usr/local/lib/python2.7/dist-packages/keystoneclient/v3/contrib/federation/service_providers.py",
 line 76, in list
      return super(ServiceProviderManager, self).list(**kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py", line 
75, in func
      return f(*args, **new_kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py", line 
388, in list
      self.collection_key)
    File "/usr/local/lib/python2.7/dist-packages/keystoneclient/base.py", line 
124, in _list
      resp, body = self.client.get(url, **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneclient/adapter.py", 
line 170, in get
      return self.request(url, 'GET', **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneclient/adapter.py", 
line 206, in request
      resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneclient/adapter.py", 
line 95, in request
      return self.session.request(url, method, **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneclient/utils.py", line 
337, in inner
      return func(*args, **kwargs)
    File "/usr/local/lib/python2.7/dist-packages/keystoneclient/session.py", 
line 405, in request
      raise exceptions.from_response(resp, method, url)
  keystoneauth1.exceptions.http.Forbidden: You are not authorized to perform 
the requested action: identity:list_service_providers (Disable debug mode to 
suppress these details.) (HTTP 403) (Request-ID: 
req-485c64e6-5de1-4470-9439-e05275a350fa)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1544721/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to