Document unrestricted application credential requirement for Magnum clusters #750
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: mnaser <[email protected]>
Copilot
AI
changed the title
[WIP] "Failed to create trustee or trust for Cluster" when using app creds which aren't unrestricted
Document unrestricted application credential requirement for Magnum clusters
Jul 10, 2025
okozachenko1203
requested changes
Jul 10, 2025
Member
okozachenko1203
left a comment
okozachenko1203
left a comment
There was a problem hiding this comment.
The problem is caused because the user who creates magnum cluster uses application credential without unrestricted enabled. it is not related to the application credential which magnum-cluster-api creates and uses to interact with openstack
Member
|
@mnaser i think copilot only accepts the review from you :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds comprehensive documentation to address the common issue where users encounter "Failed to create trustee or trust for Cluster" errors when using application credentials that weren't created with the
--unrestrictedflag.Changes Made
New Authentication Documentation (
docs/admin/authentication.md)--unrestrictedflag is required for Magnum application credentialsEnhanced Troubleshooting Documentation (
docs/admin/troubleshooting.md)--unrestrictedflagUpdated Navigation (
docs/SUMMARY.md)Problem Solved
Users who create application credentials without the
--unrestrictedflag encounter cryptic errors like:This happens because non-unrestricted application credentials lack the permissions needed to create the trust relationships that Magnum requires for cluster management operations.
Solution Provided
The documentation now clearly explains:
Example of the correct approach now documented:
This documentation will help users avoid this common pitfall and provide a clear path to resolution when they encounter the issue.
Fixes #749.
💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.