Trust creation allowed with empty roles list
Bug #1214064 reported by
Steven Hardy
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
wanghong | ||
Bug Description
The docs state ""A project_id may not be specified without at least one role,
and vice versa.", however /OS-TRUST/trusts *does* allow you to create a trust
with an empty roles list and project_id specified.
This results in 401 responses whenever you try to consume the trust, which is
not exactly obvious until you realize what's happening..
It seems odd to allow creation of a trust which is seemingly useless and can
never be consumed, so I guess either the code or the docs need updating?
| Changed in keystone: | |
| assignee: | nobody → Adam Young (ayoung) |
| Changed in keystone: | |
| importance: | Undecided → High |
| status: | New → Triaged |
| milestone: | none → havana-3 |
| tags: | added: grizzly-backport-potential |
| Changed in keystone: | |
| importance: | High → Medium |
| Changed in keystone: | |
| milestone: | havana-3 → none |
Revision history for this message
| wanghong (w-wanghong) wrote | #1 |
| Changed in keystone: | |
| assignee: | Adam Young (ayoung) → nobody |
| assignee: | nobody → wanghong (w-wanghong) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #2 |
| Changed in keystone: | |
| status: | Triaged → In Progress |
| tags: |
added: havana-backport-potential removed: grizzly-backport-potential |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #3 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| milestone: | none → icehouse-rc1 |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | icehouse-rc1 → 2014.1 |
To post a comment you must log in.
Hi Adam, are you working on this now? Can I assign this to me?