[openstack-dev] [keystone] Help consuming trusts

Steven Hardy shardy at redhat.com
Mon Aug 19 17:54:17 UTC 2013


On Mon, Aug 19, 2013 at 09:15:24AM -0500, Dolph Mathews wrote:
> On Mon, Aug 19, 2013 at 6:06 AM, Steven Hardy <shardy at redhat.com> wrote:
> 
> > On Sun, Aug 18, 2013 at 07:02:04PM +0200, Matthieu Huin wrote:
> > > Hi Steve,
> > >
> > > It might be a bit late for this, but here's a script I wrote when
> > > experimenting with trusts:
> > > https://github.com/mhuin/keystone_trust/blob/master/tests/swift_example.sh
> > >
> > > I hope it'll help you.
> >
> > Thanks for this!!
> >
> > Exactly what I was looking for and has enabled me to solve my problem (my
> > test code was broken).
> >
> > I've marked this bug invalid:
> >
> > https://bugs.launchpad.net/keystone/+bug/1213340
> >
> > Interestingly, my debugging has highlighted a slightly non-obvious issue
> > with the creation and consumption of a trust which is probably worth
> > mentioning here:
> >
> > The docs state "A project_id may not be specified without at least one
> > role, and vice versa.", however /OS-TRUST/trusts *does* allow you to
> > create a trust with an empty roles list.
> >
> > This results in 401 responses whenever you try to consume the trust,
> > which is not exactly obvious until you realize what's happening.
> >
> > Can I ask if this is deliberate, or is it a bug in the trusts create code?
> >
> 
> That certainly sounds like a bug, given that it directly conflicts with the
> documented behavior.

Ok, thanks, I've raised a bug:

https://bugs.launchpad.net/keystone/+bug/1214064

Steve
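
The documented rule quoted in this thread ("A project_id may not be specified without at least one role, and vice versa"), written as a client-side pre-flight check to run before POSTing to /OS-TRUST/trusts. This is an added example, not part of the original message and not Keystone's own code; field names follow the OS-TRUST v3 request body, while the function name and the sample IDs are constructed.

```python
def trust_scope_errors(body):
    """Return a list of scoping problems in an OS-TRUST create body (empty if none)."""
    trust = body.get("trust") if isinstance(body, dict) else None
    if not isinstance(trust, dict):
        return ["body must contain a 'trust' object"]

    project_id = trust.get("project_id")
    roles = trust.get("roles")
    if roles is None:
        roles = []
    if not isinstance(roles, list):
        return ["'roles' must be a list"]

    errors = []
    usable = []
    for i, role in enumerate(roles):
        # A role reference is only meaningful if it carries an id or a name.
        if isinstance(role, dict) and (role.get("id") or role.get("name")):
            usable.append(role)
        else:
            errors.append("roles[%d] has neither 'id' nor 'name'" % i)

    # The documented rule, checked in both directions.
    if project_id and not usable:
        errors.append("project_id given without at least one role")
    if usable and not project_id:
        errors.append("roles given without a project_id")
    return errors


# Constructed sample bodies (IDs are placeholders, not real values).
SAMPLE_OK = {"trust": {
    "trustor_user_id": "trustor-id-example",
    "trustee_user_id": "trustee-id-example",
    "project_id": "project-id-example",
    "impersonation": True,
    "roles": [{"name": "Member"}],
}}
# The case from this thread: accepted at creation, 401 at consumption.
SAMPLE_EMPTY_ROLES = {"trust": dict(SAMPLE_OK["trust"], roles=[])}

if __name__ == "__main__":
    for label, body in (("ok", SAMPLE_OK), ("empty roles", SAMPLE_EMPTY_ROLES)):
        print(label, "->", trust_scope_errors(body) or "no scoping problems")
```
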
