我在固件实验室有一个 Keyrock 实例。
在我的应用程序中,我尝试使用 api 创建用户,因为Fiware keystone api 创建用户并使用 Horizon 访问。
现在我检查用户:
curl -s -H "X-Auth-Token:17007fe11124bd71eb60" http://localhost:5000/v3/users/admin | python -mjson.tool
回复:
> {
> "user": {
> "default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e",
> "description": "admin",
> "domain_id": "default",
> "email": "admin@gmail.com",
> "enabled": true,
> "id": "admin",
> "links": {
> "self": "http://localhost:5000/v3/users/admin1"
> },
> "name": "admin@gmail.com",
> "username": "admin"
> } }
现在名称字段是正确的,但我无法在我的 Horizon 中使用该用户登录。如果我检查 keystone.log,我可以看到:
2016-09-21 12:28:50.353 1483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1
2016-09-21 12:28:50.445 1482 WARNING keystone.auth.controllers [-] User admin doesn't have access to default project d0f384973b9f4a57b975fcd9bef10c6e. The token will be unscoped rather than scoped to the project.
2016-09-21 12:28:50.767 1481 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action: identity:revoke_token
2016-09-21 12:29:42.900 1483 WARNING keystone.common.controller [-] RBAC: Bypassing authorization
在地平线中:
当然,日志解释了问题:“用户管理员无权访问默认项目 d0f384973b9f4a57b975fcd9bef10c6e ”但是,如何在项目中设置此用户的权限?