OpenStack Identity (keystone)

  1. Bug #1214064
  2. Comment #3

Comment 3 for bug 1214064

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/69162
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0aff9ff3af4a6bc0b3d6128ae35231d1b18d543b
Submitter: Jenkins
Branch: master

commit 0aff9ff3af4a6bc0b3d6128ae35231d1b18d543b
Author: wanghong <email address hidden>
Date: Sun Jan 26 11:14:46 2014 +0800

    trust creation allowed with empty roles list

    The docs state "A project_id may not be specified without at least
    one role, and vice versa.", however /OS-TRUST/trusts does allow you
    to create a trust with an empty roles list and project_id specified.

    This results in 401 responses whenever you try to consume the trust,
    because there are no roles for the trustee on the authorized project.

    This patch will add a check in trust creation to ensure at least one
    role exists if project_id is supplied.

    Change-Id: Iebad0b6b7ed62a029d1e50afb003679bafb1655d
    Closes-Bug: #1214064