| *** mhen_ is now known as mhen | 01:50 | |
| *** bodgix4 is now known as bodgix | 03:53 | |
| *** avanzaghi10 is now known as avanzaghi1 | 03:53 | |
| *** cstone673 is now known as cstone67 | 07:14 | |
| stiw47 | Hi. Can someone help me to understand application credential? | 13:42 |
|---|---|---|
| stiw47 | Example: If I create application credential without specifying --access-rules, everything is working. I can e.g. do openstack server list, and get an output | 13:43 |
| stiw47 | But if I specify --access-rules, exactly as mentioned in docs: https://docs.openstack.org/keystone/latest/user/application_credentials.html , it is not working | 13:44 |
| stiw47 | I am getting | 13:44 |
| stiw47 | # openstack server list | 13:44 |
| stiw47 | The request you have made requires authentication. (HTTP 401) (Request-ID: req-b2ca1a25-d7b7-4eb3-a7de-fe3293e77ee1) | 13:44 |
| stiw47 | This is what I'm specifying in rules | 13:45 |
| stiw47 | --access-rules '[ { "service": "compute", "method": "POST", "path": "/v2.1/**" }, { "service": "compute", "method": "GET", "path": "/v2.1/**" } ]' | 13:45 |
| stiw47 | And both credentials, with and without --access-rules, had been created with admin user | 13:46 |
| stiw47 | And when trying to use application credential from the openstack CLI, these are variables I am sourcing: | 13:47 |
| stiw47 | # export OS_AUTH_TYPE=v3applicationcredential | 13:48 |
| stiw47 | export OS_APPLICATION_CREDENTIAL_ID=f9d9b04a9b824fcb922c54fc462c2047 | 13:48 |
| stiw47 | export OS_APPLICATION_CREDENTIAL_SECRET=test | 13:48 |
| stiw47 | export OS_AUTH_URL=https://10.0.102.100:5000/v3 | 13:48 |
| stiw47 | working if I export OS_APPLICATION_CREDENTIAL_ID of the credentials where --access-rules were not used, and not working if I have --access-rules (all other variables are the same, it is also same secret on both credentials) | 13:50 |
| frickler | stiw47: you can add "--debug" to your OSC command and it will show you the URLs it is calling, that should you allow to identify which call exactly is failing. from a quick test it seems that that command also accesses glance to identify images | 19:37 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!