yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #27035
[Bug 1412846] [NEW] Cannot chain a trust with a role specified by name
Public bug reported:
>From comment in https://review.openstack.org/#/c/126897/
Hi! The new feature is great, but (unless I did a mistake somewhere) I
cannot create a chained trust specifying roles with "name" as opposed to
"id".
Here's a sample trust POST:
{"trust":{"trustor_user_id":"...","trustee_user_id":"...","project_id":"...","impersonation":true,"roles":[{"name":"admin"}]}}
And an accompanying traceback:
2015-01-19 17:12:36.953 4246 ERROR keystone.common.wsgi [-] 'id'
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi Traceback (most recent call last):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 223, in __call__
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi result = method(context, **params)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 158, in inner
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi return f(self, context, *args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/validation/__init__.py", line 36, in wrapper
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi return func(*args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/trust/controllers.py", line 163, in create_trust
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi redelegated_trust)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 93, in wrapper
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi result = f(*args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 165, in create_trust
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi self._validate_redelegation(t, trust)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 85, in _validate_redelegation
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi if not all(role['id'] in parent_roles for role in trust['roles']):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 85, in <genexpr>
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi if not all(role['id'] in parent_roles for role in trust['roles']):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi KeyError: 'id'
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi
** Affects: keystone
Importance: Undecided
Assignee: Alexander Makarov (amakarov)
Status: New
** Changed in: keystone
Assignee: (unassigned) => Alexander Makarov (amakarov)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1412846
Title:
Cannot chain a trust with a role specified by name
Status in OpenStack Identity (Keystone):
New
Bug description:
From comment in https://review.openstack.org/#/c/126897/
Hi! The new feature is great, but (unless I did a mistake somewhere) I
cannot create a chained trust specifying roles with "name" as opposed
to "id".
Here's a sample trust POST:
{"trust":{"trustor_user_id":"...","trustee_user_id":"...","project_id":"...","impersonation":true,"roles":[{"name":"admin"}]}}
And an accompanying traceback:
2015-01-19 17:12:36.953 4246 ERROR keystone.common.wsgi [-] 'id'
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi Traceback (most recent call last):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 223, in __call__
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi result = method(context, **params)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 158, in inner
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi return f(self, context, *args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/validation/__init__.py", line 36, in wrapper
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi return func(*args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/trust/controllers.py", line 163, in create_trust
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi redelegated_trust)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/notifications.py", line 93, in wrapper
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi result = f(*args, **kwargs)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 165, in create_trust
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi self._validate_redelegation(t, trust)
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 85, in _validate_redelegation
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi if not all(role['id'] in parent_roles for role in trust['roles']):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/trust/core.py", line 85, in <genexpr>
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi if not all(role['id'] in parent_roles for role in trust['roles']):
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi KeyError: 'id'
2015-01-19 17:12:36.953 4246 TRACE keystone.common.wsgi
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1412846/+subscriptions
Follow ups
References