yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1534834] [NEW] Policy check forces impersonation for redelgation of trust

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Young <1534834@xxxxxxxxxxxxxxxxxx>
Date: Fri, 15 Jan 2016 21:43:23 -0000
Reply-to: Bug 1534834 <1534834@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When redelegating a trust, the API specifies that the trustor_id is the
original trustor_id.  However, the policy check for create_trust
enforces that user_id = trust.trustor_user_id. Effectily limiting the
redelgation ofr trusts to trusts which  provide impersonation.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1534834

Title:
  Policy check forces impersonation for redelgation of trust

Status in OpenStack Identity (keystone):
  New

Bug description:
  When redelegating a trust, the API specifies that the trustor_id is
  the original trustor_id.  However, the policy check for create_trust
  enforces that user_id = trust.trustor_user_id. Effectily limiting the
  redelgation ofr trusts to trusts which  provide impersonation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1534834/+subscriptions

Follow ups

[Bug 1534834] Re: Policy check forces impersonation for redelgation of trust
From: Steve Martinelli, 2016-02-10