You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.openstack_identity_project_v3.tf_project: Refreshing state...
Error: Unable to query openstack_identity_project_v3: Request forbidden: [GET http://10.0.0.1:5000/v3/projects?enabled=true&is_domain=false&name=test], error message: {"error": {"message": "You are not authorized to perform the requested action: identity:list_projects", "code": 403, "title": "Forbidden"}}
on project.tf line 13, in data "openstack_identity_project_v3" "tf_project":
13: data "openstack_identity_project_v3" "tf_project" {
With admin credentials:
terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.openstack_identity_project_v3.tf_project: Refreshing state...
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
Expected Behavior
Retrieving project informations must be accessible to non-admin users.
First, it would be easy to add a "project id" parameter, if used, the project listing can by avoided.
For a better implementation of this, you need to use the ListProjects from the users package.
Actual Behavior
Retrieving project informations in Terraform uses project listing which is only accessible to admin users due to the default access policy in Keystone: "identity:list_projects": "rule:admin_required".
Steps to Reproduce
Set your credentials, then:
terraform plan
The text was updated successfully, but these errors were encountered:
Terraform Version
$ ./terraform -v
Terraform v0.12.0-beta1
Affected Resource(s)
Terraform Configuration Files
Debug Output
With non-admin credentials:
With admin credentials:
Expected Behavior
Retrieving project informations must be accessible to non-admin users.
First, it would be easy to add a "project id" parameter, if used, the project listing can by avoided.
For a better implementation of this, you need to use the
ListProjects
from theusers
package.Actual Behavior
Retrieving project informations in Terraform uses project listing which is only accessible to admin users due to the default access policy in Keystone:
"identity:list_projects": "rule:admin_required"
.Steps to Reproduce
Set your credentials, then:
terraform plan
The text was updated successfully, but these errors were encountered: