yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1331882] Re: trustor_user_id not available in v2 trust token

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1331882@xxxxxxxxxxxxxxxxxx>
Date: Wed, 10 Sep 2014 14:47:20 -0000
Reply-to: Bug 1331882 <1331882@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: ossn
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1331882

Title:
  trustor_user_id not available in v2 trust token

Status in OpenStack Identity (Keystone):
  In Progress
Status in OpenStack Security Notes:
  New

Bug description:
  The trust information in the v2 token is missing the trustor_user_id
  and impersonation values. This means you are unable to tell who gave
  you the trust.

  The following two examples were generated with the same information.
  (They are printed from client.auth_ref which is why they are missing
  some structure information)

  v2 Trust token:

  {u'metadata': {u'is_admin': 0,
                 u'roles': [u'136bc06cef2f496f842a76644feaed03',
                            u'7d42773abeff45ea90fdb4067f6b3a9f']},
   u'serviceCatalog': [...],
   u'token': {u'expires': u'2014-06-19T02:41:19Z',
              u'id': u'4b8d23d9707a4c9f8a270759725dfcf8',
              u'issued_at': u'2014-06-19T01:41:19.811417',
              u'tenant': {u'description': u'Default Tenant',
                          u'enabled': True,
                          u'id': u'9029b226bc894fa3a23ec24fd9f4796c',
                          u'name': u'demo'}},
   u'trust': {u'id': u'0b16de31a8c64fd5b0054054db468a00',
              u'trustee_user_id': u'f6cce259563e40acb3f841f5d89c6191'},
   u'user': {u'id': u'f6cce259563e40acb3f841f5d89c6191',
             u'name': u'bob',
             u'roles': [{u'name': u'can_create'}, {u'name': u'can_delete'}],
             u'roles_links': [],
             u'username': u'bob'}}

  
  v3 Trust token: 

  {u'OS-TRUST:trust': {u'id': u'0b16de31a8c64fd5b0054054db468a00',
                       u'impersonation': False,
                       u'trustee_user': {u'id': u'f6cce259563e40acb3f841f5d89c6191'},
                       u'trustor_user': {u'id': u'5fcb10539aa646ea8b0fe3c80e15d33d'}},
   'auth_token': '0b8a2d2e081e4e6e8ae3ad5dfedcf9db',
   u'catalog': [...],
   u'expires_at': u'2014-06-19T02:41:19.935302Z',
   u'extras': {},
   u'issued_at': u'2014-06-19T01:41:19.935330Z',
   u'methods': [u'password'],
   u'project': {u'domain': {u'id': u'default', u'name': u'Default'},
                u'id': u'9029b226bc894fa3a23ec24fd9f4796c',
                u'name': u'demo'},
   u'roles': [{u'id': u'136bc06cef2f496f842a76644feaed03',
               u'name': u'can_create'},
              {u'id': u'7d42773abeff45ea90fdb4067f6b3a9f',
               u'name': u'can_delete'}],
   u'user': {u'domain': {u'id': u'default', u'name': u'Default'},
             u'id': u'f6cce259563e40acb3f841f5d89c6191',
             u'name': u'bob'}}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1331882/+subscriptions

References

[Bug 1331882] [NEW] trustor_user_id not available in v2 trust token
From: Jamie Lennox, 2014-06-19