[openstack-dev] [keystone] Help consuming trusts
Steven Hardy
shardy at redhat.com
Mon Aug 19 11:06:13 UTC 2013
On Sun, Aug 18, 2013 at 07:02:04PM +0200, Matthieu Huin wrote:
> Hi Steve,
>
> It might be a bit late for this, but here's a script I wrote when experimenting with trusts: https://github.com/mhuin/keystone_trust/blob/master/tests/swift_example.sh
>
> I hope it'll help you.

Thanks for this!!

Exactly what I was looking for and has enabled me to solve my problem (my test code was broken).

I've marked this bug invalid:
https://bugs.launchpad.net/keystone/+bug/1213340

Interestingly, my debugging has highlighted a slightly non-obvious issue with
the creation and consumption of a trust which is probably worth mentioning here:

The docs state "A project_id may not be specified without at least one role,
and vice versa.", however /OS-TRUST/trusts *does* allow you to create a trust
with an empty roles list.

This results in 401 responses whenever you try to consume the trust, which is
not exactly obvious until you realize what's happening.

Can I ask if this is deliberate, or is it a bug in the trusts create code?
It seems odd to allow creation of a trust which is seemingly useless and can
never be consumed?

Thanks all for your help working through this!

Steve
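
The documented rule quoted in the message above can be checked on the client before a trust is created, so an unusable trust is caught at creation time rather than as a 401 on consumption. This is an added example, not part of the original message or of Keystone's code; `check_trust_scope` is a hypothetical helper, the IDs are constructed placeholders, and the field names assume the Keystone v3 OS-TRUST request body.

```python
def check_trust_scope(body):
    """Return a list of problems with a trust-create request body.

    `body` is the dict that would be POSTed to /OS-TRUST/trusts.
    An empty list means the project/roles pairing satisfies the documented rule.
    """
    trust = body.get("trust", {})
    project_id = trust.get("project_id")
    roles = trust.get("roles") or []
    problems = []

    # A role reference is only usable if it identifies a role by id or name.
    usable = [r for r in roles
              if isinstance(r, dict) and (r.get("id") or r.get("name"))]
    if len(usable) != len(roles):
        problems.append("roles contains an entry with neither 'id' nor 'name'")

    # "A project_id may not be specified without at least one role,
    # and vice versa." Checked in both directions.
    if project_id and not usable:
        problems.append("project_id given with an empty roles list")
    if usable and not project_id:
        problems.append("roles given without a project_id")
    return problems


# Constructed sample payloads (placeholder IDs, not real values).
_BASE = {"trustor_user_id": "TRUSTOR_ID", "trustee_user_id": "TRUSTEE_ID",
         "impersonation": True}
SAMPLES = {
    # The case from the message: accepted at creation, 401 on consumption.
    "empty_roles": {"trust": dict(_BASE, project_id="PROJECT_ID", roles=[])},
    "scoped": {"trust": dict(_BASE, project_id="PROJECT_ID",
                             roles=[{"name": "Member"}])},
    "roles_only": {"trust": dict(_BASE, roles=[{"name": "Member"}])},
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        issues = check_trust_scope(payload)
        print(label, "->", issues or "ok")
```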