Hi, I have a question for the keystone folks re the expected behavior when deleting a trust.
Is it expected that you can only ever delete a trust as the user who created it, and that you can *not* delete the trust when impersonating that user using a token obtained via that trust? The reason for this question, is for the Heat use-case, this may represent a significant operational limitation, since it implies that the user who creates the stack is the only one who can ever delete it. Current Heat behavior is to allow any user in the same tenant, provided they have the requisite roles, to delete the stack, which AFAICT atm will not be possible when using trusts. Clarification as to whether this is as-designed or a bug somewhere much appreciated, thanks! Steve _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
