[openstack-dev] [keystone] Help consuming trusts

Steven Hardy shardy at redhat.com
Sat Aug 17 12:18:30 UTC 2013

On Fri, Aug 16, 2013 at 11:42:52AM -0400, Steve Martinelli wrote:
> Hi Steven,
> You can look at the unit tests being run.
> https://github.com/openstack/keystone/blob/master/keystone/tests/test_v3_auth.py#L1782
> It looks like you need to provide the trustee uname/password and the trust
> id. Keep digging into 'build_authentication_request" to see how it's
> structured, then it's just a call to /auth/tokens.

Thanks for the pointers, I've looked at the tests, and it seems like most
of them are error path tests, I'm not sure which one demonstrates a
successful response from the v3 /auth/tokens with a trust ID specified in
the scope section of the request?

I've raised two bugs related to this issue:


The latter was discussed on IRC yesterday and I've tested the fix and the
500 error is fixed, but now I get the same 401 response for both token and
username/password requests.  If I don't specify a trust ID in the request,
I get a token back without any problem.

It may be that there is an issue with my keystoneclient patch:


However, despite looking carefully at the requests generated, I can't spot
any problem, the requests appear to match the required format in the API
docs AFAICS:


There are reproducers on each of the bugs above, showing the failure in
both token and password methods, if anyone has time to take a look and help
me figure out the next step, that would be much appreciated as atm I'm a
bit stumped!



More information about the OpenStack-dev mailing list