trustor_user_id not available in v2 trust token
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Wishlist
|
wanghong | ||
OpenStack Security Notes |
Won't Fix
|
Medium
|
Jamie Finnigan |
Bug Description
The trust information in the v2 token is missing the trustor_user_id and impersonation values. This means you are unable to tell who gave you the trust.
The following two examples were generated with the same information. (They are printed from client.auth_ref which is why they are missing some structure information)
v2 Trust token:
{u'metadata': {u'is_admin': 0,
u'serviceCatalog': [...],
u'token': {u'expires': u'2014-
u'id': u'4b8d23d9707a4
u'trust': {u'id': u'0b16de31a8c64
u'user': {u'id': u'f6cce259563e4
u'name': u'bob',
v3 Trust token:
{u'OS-TRUST:trust': {u'id': u'0b16de31a8c64
'auth_token': '0b8a2d2e081e4e
u'catalog': [...],
u'expires_at': u'2014-
u'extras': {},
u'issued_at': u'2014-
u'methods': [u'password'],
u'project': {u'domain': {u'id': u'default', u'name': u'Default'},
u'roles': [{u'id': u'136bc06cef2f4
{u'id': u'7d42773abeff4
u'user': {u'domain': {u'id': u'default', u'name': u'Default'},
u'id': u'f6cce259563e4
u'name': u'bob'}}
Changed in keystone: | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
Changed in keystone: | |
assignee: | nobody → wanghong (w-wanghong) |
tags: | added: meeting-topic |
Changed in keystone: | |
milestone: | none → juno-rc1 |
tags: | added: juno-rc-potential |
Changed in keystone: | |
milestone: | juno-rc1 → none |
Changed in keystone: | |
milestone: | none → juno-rc1 |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | juno-rc1 → 2014.2 |
Changed in ossn: | |
assignee: | nobody → Grant Murphy (gmurphy) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in ossn: | |
assignee: | Grant Murphy (gmurphy) → Jamie Finnigan (jamiefinnigan) |
Fix proposed to branch: master /review. openstack. org/101829
Review: https:/