yahoo-eng-team team mailing list archive

[Alexander Makarov <amakarov@xxxxxxxxxxxx>]

Public bug reported:

>From comment in https://review.openstack.org/#/c/126897/

Hi! The new feature is great, but (unless I did a mistake somewhere) I
cannot create a chained trust specifying roles with "name" as opposed to
"id".

Here's a sample trust POST:
{"trust":{"trustor_user_id":"...","trustee_user_id":"...","project_id":"...","impersonation":true,"roles":[{"name":"admin"}]}}

And an accompanying traceback:

2015-01-19 17:12:36.953 4246 ERROR keystone.common.wsgi [-] 'id'
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi Traceback (most recent call last):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 223, in __call__
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     result = method(context, **params)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 158, in inner
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     return f(self, context, *args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/validation/__init__.py", line 36, in wrapper
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     return func(*args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/trust/controllers.py", line 163, in create_trust
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     redelegated_trust)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 93, in wrapper
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     result = f(*args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 165, in create_trust
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     self._validate_redelegation(t, trust)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 85, in _validate_redelegation
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     if not all(role['id'] in parent_roles for role in trust['roles']):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 85, in <genexpr>
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     if not all(role['id'] in parent_roles for role in trust['roles']):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi KeyError: 'id'
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi

** Affects: keystone
     Importance: Undecided
     Assignee: Alexander Makarov (amakarov)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Alexander Makarov (amakarov)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1412846

Title:
  Cannot chain a trust with a role specified by name

Status in OpenStack Identity (Keystone):
  New

Bug description:
  From comment in https://review.openstack.org/#/c/126897/

  Hi! The new feature is great, but (unless I did a mistake somewhere) I
  cannot create a chained trust specifying roles with "name" as opposed
  to "id".

  Here's a sample trust POST:
  {"trust":{"trustor_user_id":"...","trustee_user_id":"...","project_id":"...","impersonation":true,"roles":[{"name":"admin"}]}}

  And an accompanying traceback:

  2015-01-19 17:12:36.953 4246 ERROR keystone.common.wsgi [-] 'id'
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi Traceback (most recent call last):
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 223, in __call__
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     result = method(context, **params)
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 158, in inner
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     return f(self, context, *args, **kwargs)
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/validation/__init__.py", line 36, in wrapper
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     return func(*args, **kwargs)
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/trust/controllers.py", line 163, in create_trust
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     redelegated_trust)
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 93, in wrapper
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     result = f(*args, **kwargs)
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 165, in create_trust
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     self._validate_redelegation(t, trust)
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 85, in _validate_redelegation
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     if not all(role['id'] in parent_roles for role in trust['roles']):
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 85, in <genexpr>
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi     if not all(role['id'] in parent_roles for role in trust['roles']):
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi KeyError: 'id'
  2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1412846/+subscriptions