← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1489260] [NEW] trust details unvailable for admin token

 

Public bug reported:

When authenticated via admin token, trusts details are not available.

Trusts can be listed:
-------------------------------
# openstack trust list -f csv
"ID","Expires At","Impersonation","Project ID","Trustee User ID","Trustor User ID"
"259d57b4998c484892ae3bdd7a84f147","2101-01-01T01:01:01.000000Z",False,"a41030cd0872497893c0f00a29996961","64eea97a9ea54981a41cc7e40944a181","6bb8aef337134b948dcbc0bd6ac34633"
-------------------------------

But details cannot be shown:
-------------------------------
# openstack trust show 259d57b4998c484892ae3bdd7a84f147
ERROR: openstack No trust with a name or ID of '259d57b4998c484892ae3bdd7a84f147' exists.
-------------------------------

>From the debug mode we can see the rejected authorization to perform the requested action:
http://paste.openstack.org/raw/427927/

I discussed the issue with jamielennox who confirmed that the trust details are visible only by the trustor/trustee:
https://github.com/openstack/keystone/blob/master/keystone/trust/controllers.py#L75


But I believe (and jamielennox) that the admin token should have access to it too.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1489260

Title:
  trust details unvailable for admin token

Status in Keystone:
  New

Bug description:
  When authenticated via admin token, trusts details are not available.

  Trusts can be listed:
  -------------------------------
  # openstack trust list -f csv
  "ID","Expires At","Impersonation","Project ID","Trustee User ID","Trustor User ID"
  "259d57b4998c484892ae3bdd7a84f147","2101-01-01T01:01:01.000000Z",False,"a41030cd0872497893c0f00a29996961","64eea97a9ea54981a41cc7e40944a181","6bb8aef337134b948dcbc0bd6ac34633"
  -------------------------------

  But details cannot be shown:
  -------------------------------
  # openstack trust show 259d57b4998c484892ae3bdd7a84f147
  ERROR: openstack No trust with a name or ID of '259d57b4998c484892ae3bdd7a84f147' exists.
  -------------------------------

  From the debug mode we can see the rejected authorization to perform the requested action:
  http://paste.openstack.org/raw/427927/

  I discussed the issue with jamielennox who confirmed that the trust details are visible only by the trustor/trustee:
  https://github.com/openstack/keystone/blob/master/keystone/trust/controllers.py#L75

  
  But I believe (and jamielennox) that the admin token should have access to it too.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1489260/+subscriptions


Follow ups