I am trying to use the IAM service proxy so I created an user with Full Admin permissions. On the web-console, I can login as that user and I am able to create projects, groups and users, as well as assign roles to groups.
When I tried to using the IAM API, a lot of the calls had permission errors or some other obscure error.
Refer to this simple script:
import openstack
# ~ openstack.enable_logging(True)
cc = openstack.connect(cloud='otc')
# This is broken
for i in cc.identity.policies():
print(i)
# This fails with permission denied
for i in cc.identity.groups():
print(i)
# This fails with permission denied
for i in cc.identity.roles():
print(i)
# This fails with permission denied
for i in cc.identity.users():
print(i)
# This fails with permission denied
for i in cc.identity.agencies():
print(i)
# This is OK
for i in cc.identity.projects():
print('{id} {name:16} {description}'.format(**i))
# This is OK
for i in cc.identity.services():
print('{id} {name:16} {type}'.format(**i))
# This is OK
for i in cc.identity.regions():
print('{id}'.format(**i))
Hello,
I am trying to use the IAM service proxy so I created an user with
Full Admin
permissions. On the web-console, I can login as that user and I am able to create projects, groups and users, as well as assign roles to groups.When I tried to using the IAM API, a lot of the calls had permission errors or some other obscure error.
Refer to this simple script: