When a trust is created, it requires that the trustee and trustor exist in the DB, but when the associated user or project is deleted, the trust still exists.
The trust left in the DB is useless and won't be used any longer: since the ID of a user/project is a random number assigned when it is created, it is not likely the trust will be effective any longer.
How to reproduce:
$ openstack user create trustor --password abc123
$ openstack user create trustee --password abc123
$ openstack project create trust_project
$ openstack role add 9cf8420ea5324f79b9d740e3ce5f0e04 --project 2c455f8756d04b9485ec0b344c0e2089 --user 3e56ae62d1c94ead9fe9a4b31aaee070  # Add role service to project trust with user trustor
$ curl -g -i -X POST -H "Accept: application/json" -H "X-Auth-Token: 94d06939e65243f99cbfcf331bdf3e0b" -H "Content-Type: application/json" -d '{
    "trust": {
        "expires_at": "2017-02-27T18:30:59.999999Z",
        "impersonation": true,
        "allow_redelegation": true,
        "project_id": "2c455f8756d04b9485ec0b344c0e2089",
        "roles": [
            {"name": "admin"}
        ],
        "trustee_user_id": "9147c64ef0624477bfc9dba818aa569c",
        "trustor_user_id": "3e56ae62d1c94ead9fe9a4b31aaee070",
        "redelegation_count": 3
    }
}' http://10.239.159.68:5000/v3/OS-TRUST/trusts
$ openstack user delete trustor
$ openstack trust list
+---------------------------+---------------------------+---------------+---------------------------+---------------------------+---------------------------+
| ID | Expires At | Impersonation | Project ID | Trustee User ID | Trustor User ID |
+---------------------------+---------------------------+---------------+---------------------------+---------------------------+---------------------------+
| e7491ab063e247b6ad072b562 | 2017-02-27T18:30:59.00000 | True | 2c455f8756d04b9485ec0b344 | 9147c64ef0624477bfc9dba81 | 3e56ae62d1c94ead9fe9a4b31 |
| b32e37e | 0Z | | c0e2089 | 8aa569c | aaee070 |
+---------------------------+---------------------------+---------------+---------------------------+---------------------------+---------------------------+
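An audit for the leftover trusts shown above, added here as an example and not part of the original report or of Keystone's code. It assumes the three inputs are the parsed JSON bodies of GET /v3/OS-TRUST/trusts, GET /v3/users and GET /v3/projects, and that the user and project lists are complete (all domains); the function name and the second sample trust are hypothetical.

```python
"""Flag Keystone trusts that reference users or projects that no longer exist."""


def find_orphaned_trusts(trusts, users, projects):
    """Return {trust_id: [reasons]} for every trust with a dangling reference."""
    user_ids = {u["id"] for u in users["users"]}
    project_ids = {p["id"] for p in projects["projects"]}
    orphaned = {}
    for trust in trusts["trusts"]:
        reasons = []
        for field in ("trustor_user_id", "trustee_user_id"):
            if trust.get(field) not in user_ids:
                reasons.append(f"{field} {trust.get(field)} not found")
        # project_id is optional on a trust, so only check it when it is set.
        project_id = trust.get("project_id")
        if project_id is not None and project_id not in project_ids:
            reasons.append(f"project_id {project_id} not found")
        if reasons:
            orphaned[trust["id"]] = reasons
    return orphaned


# Constructed sample data modelling the state after "openstack user delete trustor".
# The first trust uses the IDs from the listing above; the second is made up.
TRUSTS = {"trusts": [
    {"id": "e7491ab063e247b6ad072b562b32e37e",
     "trustor_user_id": "3e56ae62d1c94ead9fe9a4b31aaee070",
     "trustee_user_id": "9147c64ef0624477bfc9dba818aa569c",
     "project_id": "2c455f8756d04b9485ec0b344c0e2089"},
    {"id": "constructed-trust-without-project",
     "trustor_user_id": "constructed-user-a",
     "trustee_user_id": "9147c64ef0624477bfc9dba818aa569c",
     "project_id": None},
]}
USERS = {"users": [
    {"id": "9147c64ef0624477bfc9dba818aa569c", "name": "trustee"},
    {"id": "constructed-user-a", "name": "other"},
]}
PROJECTS = {"projects": [
    {"id": "2c455f8756d04b9485ec0b344c0e2089", "name": "trust_project"},
]}

if __name__ == "__main__":
    for trust_id, reasons in find_orphaned_trusts(TRUSTS, USERS, PROJECTS).items():
        print(trust_id, "; ".join(reasons))
```

If the user list is filtered to a single domain, trusts whose users live in other domains will be reported as orphaned, so run it with a listing that covers every domain.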