[Openstack] [Heat] trusts_delegated_roles=member?
Kieran Spear
kispear at gmail.com
Mon Sep 8 01:11:07 UTC 2014
Hi,
I'm looking at configuring our Heat deployment to use trusts as the
deferred auth method. The requirement to grant each user the
heat_stack_owner role (or similar) makes things a bit awkward, since
we allow users to grant each other membership within a project and
don't want them to have to worry about specific roles for different
services.
I'm considering just setting:
trusts_delegated_roles=member
But I'm wondering if there are any security implications in doing this
that I haven't considered? Obviously we'd lose the ability to restrict
exactly what Heat can do with this trust, but it seems like this is
still a better alternative than not using trusts at all?
Cheers,
Kieran
More information about the Openstack
mailing list