commit 0aff9ff3af4a6bc0b3d6128ae35231d1b18d543b
Author: wanghong <email address hidden>
Date: Sun Jan 26 11:14:46 2014 +0800
trust creation allowed with empty roles list
The docs state "A project_id may not be specified without at least
one role, and vice versa.", however /OS-TRUST/trusts does allow you
to create a trust with an empty roles list and project_id specified.
This results in 401 responses whenever you try to consume the trust,
because there are no roles for the trustee on the authorized project.
This patch will add a check in trust creation to ensure at least one
role exists if project_id is supplied.
Reviewed: https:/ /review. openstack. org/69162 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=0aff9ff3af4 a6bc0b3d6128ae3 5231d1b18d543b
Committed: https:/
Submitter: Jenkins
Branch: master
commit 0aff9ff3af4a6bc 0b3d6128ae35231 d1b18d543b
Author: wanghong <email address hidden>
Date: Sun Jan 26 11:14:46 2014 +0800
trust creation allowed with empty roles list
The docs state "A project_id may not be specified without at least
one role, and vice versa.", however /OS-TRUST/trusts does allow you
to create a trust with an empty roles list and project_id specified.
This results in 401 responses whenever you try to consume the trust,
because there are no roles for the trustee on the authorized project.
This patch will add a check in trust creation to ensure at least one
role exists if project_id is supplied.
Change-Id: Iebad0b6b7ed62a 029d1e50afb0036 79bafb1655d
Closes-Bug: #1214064