It should have worked by setting that flag. However, there seems to be an issue with keystone when I tested.
To me it looks the redelegation_count is initialized to 0, when you get a redelegated trust with trust_id (that field does not seem persisted in db, sql driver). Hence the validation[1] for delegation_depth fails.
Commenting out the validation though makes it work.
@Ethan,
It should have worked by setting that flag. However, there seems to be an issue with keystone when I tested.
To me it looks the redelegation_count is initialized to 0, when you get a redelegated trust with trust_id (that field does not seem persisted in db, sql driver). Hence the validation[1] for delegation_depth fails.
Commenting out the validation though makes it work.
[1] https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ trust/core. py#L65- L72
Though I may be missing something else here on why redelegation_count is not persisted.