Open Stack

On Mon, Aug 19, 2013 at 6:06 AM, Steven Hardy <shardy at redhat.com> wrote:

> On Sun, Aug 18, 2013 at 07:02:04PM +0200, Matthieu Huin wrote:
> > Hi Steve,
> >
> > It might be a bit late for this, but here's a script I wrote when
> experimenting with trusts:
> https://github.com/mhuin/keystone_trust/blob/master/tests/swift_example.sh
> >
> > I hope it'll help you.
>
> Thanks for this!!
>
> Exactly what I was looking for and has enabled me to solve my problem (my
> test code was broken).
>
> I've marked this bug invalid:
>
> https://bugs.launchpad.net/keystone/+bug/1213340
>
> Interestingly, my debugging has highlighted a slightly non-obvious issue
> with
> the creation and consumption of a trust which is probably worth mentioning
> here:
>
> The docs state ""A project_id may not be specified without at least one
> role,
> and vice versa.", however /OS-TRUST/trusts *does* allow you to create a
> trust
> with an empty roles list.
>
> This results in 401 responses whenever you try to consume the trust, which
> is
> not exactly obvious until you realize what's happening..
>
> Can I ask if this is deliberate, or is it a bug in the trusts create code?
>

That certainly sounds like a bug, given that it directly conflicts with the
documented behavior.


>
> It seems odd to allow creation of a trust which is seemingly useless and
> can
> never be consumed?
>

++


>
> Thanks all for your help working through this!
>
> Steve
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 

-Dolph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130819/e7c1ef2b/attachment.html>