← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #16384

[Bug 1331882] [NEW] trustor_user_id not available in v2 trust token

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The trust information in the v2 token is missing the trustor_user_id and
impersonation values. This means you are unable to tell who gave you the
trust.

The following two examples were generated with the same information.
(They are printed from client.auth_ref which is why they are missing
some structure information)

v2 Trust token:

{u'metadata': {u'is_admin': 0,
               u'roles': [u'136bc06cef2f496f842a76644feaed03',
                          u'7d42773abeff45ea90fdb4067f6b3a9f']},
 u'serviceCatalog': [...],
 u'token': {u'expires': u'2014-06-19T02:41:19Z',
            u'id': u'4b8d23d9707a4c9f8a270759725dfcf8',
            u'issued_at': u'2014-06-19T01:41:19.811417',
            u'tenant': {u'description': u'Default Tenant',
                        u'enabled': True,
                        u'id': u'9029b226bc894fa3a23ec24fd9f4796c',
                        u'name': u'demo'}},
 u'trust': {u'id': u'0b16de31a8c64fd5b0054054db468a00',
            u'trustee_user_id': u'f6cce259563e40acb3f841f5d89c6191'},
 u'user': {u'id': u'f6cce259563e40acb3f841f5d89c6191',
           u'name': u'bob',
           u'roles': [{u'name': u'can_create'}, {u'name': u'can_delete'}],
           u'roles_links': [],
           u'username': u'bob'}}


v3 Trust token: 

{u'OS-TRUST:trust': {u'id': u'0b16de31a8c64fd5b0054054db468a00',
                     u'impersonation': False,
                     u'trustee_user': {u'id': u'f6cce259563e40acb3f841f5d89c6191'},
                     u'trustor_user': {u'id': u'5fcb10539aa646ea8b0fe3c80e15d33d'}},
 'auth_token': '0b8a2d2e081e4e6e8ae3ad5dfedcf9db',
 u'catalog': [...],
 u'expires_at': u'2014-06-19T02:41:19.935302Z',
 u'extras': {},
 u'issued_at': u'2014-06-19T01:41:19.935330Z',
 u'methods': [u'password'],
 u'project': {u'domain': {u'id': u'default', u'name': u'Default'},
              u'id': u'9029b226bc894fa3a23ec24fd9f4796c',
              u'name': u'demo'},
 u'roles': [{u'id': u'136bc06cef2f496f842a76644feaed03',
             u'name': u'can_create'},
            {u'id': u'7d42773abeff45ea90fdb4067f6b3a9f',
             u'name': u'can_delete'}],
 u'user': {u'domain': {u'id': u'default', u'name': u'Default'},
           u'id': u'f6cce259563e40acb3f841f5d89c6191',
           u'name': u'bob'}}

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1331882

Title:
  trustor_user_id not available in v2 trust token

Status in OpenStack Identity (Keystone):
  New

Bug description:
  The trust information in the v2 token is missing the trustor_user_id
  and impersonation values. This means you are unable to tell who gave
  you the trust.

  The following two examples were generated with the same information.
  (They are printed from client.auth_ref which is why they are missing
  some structure information)

  v2 Trust token:

  {u'metadata': {u'is_admin': 0,
                 u'roles': [u'136bc06cef2f496f842a76644feaed03',
                            u'7d42773abeff45ea90fdb4067f6b3a9f']},
   u'serviceCatalog': [...],
   u'token': {u'expires': u'2014-06-19T02:41:19Z',
              u'id': u'4b8d23d9707a4c9f8a270759725dfcf8',
              u'issued_at': u'2014-06-19T01:41:19.811417',
              u'tenant': {u'description': u'Default Tenant',
                          u'enabled': True,
                          u'id': u'9029b226bc894fa3a23ec24fd9f4796c',
                          u'name': u'demo'}},
   u'trust': {u'id': u'0b16de31a8c64fd5b0054054db468a00',
              u'trustee_user_id': u'f6cce259563e40acb3f841f5d89c6191'},
   u'user': {u'id': u'f6cce259563e40acb3f841f5d89c6191',
             u'name': u'bob',
             u'roles': [{u'name': u'can_create'}, {u'name': u'can_delete'}],
             u'roles_links': [],
             u'username': u'bob'}}

  
  v3 Trust token: 

  {u'OS-TRUST:trust': {u'id': u'0b16de31a8c64fd5b0054054db468a00',
                       u'impersonation': False,
                       u'trustee_user': {u'id': u'f6cce259563e40acb3f841f5d89c6191'},
                       u'trustor_user': {u'id': u'5fcb10539aa646ea8b0fe3c80e15d33d'}},
   'auth_token': '0b8a2d2e081e4e6e8ae3ad5dfedcf9db',
   u'catalog': [...],
   u'expires_at': u'2014-06-19T02:41:19.935302Z',
   u'extras': {},
   u'issued_at': u'2014-06-19T01:41:19.935330Z',
   u'methods': [u'password'],
   u'project': {u'domain': {u'id': u'default', u'name': u'Default'},
                u'id': u'9029b226bc894fa3a23ec24fd9f4796c',
                u'name': u'demo'},
   u'roles': [{u'id': u'136bc06cef2f496f842a76644feaed03',
               u'name': u'can_create'},
              {u'id': u'7d42773abeff45ea90fdb4067f6b3a9f',
               u'name': u'can_delete'}],
   u'user': {u'domain': {u'id': u'default', u'name': u'Default'},
             u'id': u'f6cce259563e40acb3f841f5d89c6191',
             u'name': u'bob'}}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1331882/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next