[openstack-dev] [keystone] Help consuming trusts

Steven Hardy shardy at redhat.com
Mon Aug 19 11:06:13 UTC 2013


On Sun, Aug 18, 2013 at 07:02:04PM +0200, Matthieu Huin wrote:
> Hi Steve,
> 
> It might be a bit late for this, but here's a script I wrote when experimenting with trusts: https://github.com/mhuin/keystone_trust/blob/master/tests/swift_example.sh
> 
> I hope it'll help you.

Thanks for this!!

Exactly what I was looking for and has enabled me to solve my problem (my test code was broken).

I've marked this bug invalid:

https://bugs.launchpad.net/keystone/+bug/1213340

Interestingly, my debugging has highlighted a slightly non-obvious issue with
the creation and consumption of a trust which is probably worth mentioning here:

The docs state ""A project_id may not be specified without at least one role,
and vice versa.", however /OS-TRUST/trusts *does* allow you to create a trust
with an empty roles list.

This results in 401 responses whenever you try to consume the trust, which is
not exactly obvious until you realize what's happening..

Can I ask if this is deliberate, or is it a bug in the trusts create code?

It seems odd to allow creation of a trust which is seemingly useless and can
never be consumed?

Thanks all for your help working through this!

Steve



More information about the OpenStack-dev mailing list