Hello, Decided to start a new thread due to too much technical details in old thread. (You can see thread *[openstack-dev] [keystone] [nova]* )
*The problem:* Trusts can not be used to retrieve a token for further work with python-<project>client. I made some research for trust's use cases. The main goal of trusts is clear to me: delegation of privileges of one user to another on specific time (or limitless). But if I get a trust and then get a token from it, it can not be used in any python-client. The reason why it happens so - is 'authenticate' method in almost all python-clients. This method request a keystone for authentication and get a new auth token. But in case of trust-scoped token it can't be true - this method always return '403 Forbidden' [1] *The question:* Is there a way to create a trust and use it for requests to any other service? E.g., We can get a token from trust and use it (but actually, we are not). Or am I misunderstanding trust's purpose? How are trusts should worked? [1] https://github.com/openstack/keystone/blob/master/keystone/token/controllers.py#L154-L156 Best Regards, Nikolay Makhotkin @Mirantis
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
