On 06/07/2016 10:28 AM, Gyorgy Szombathelyi wrote:
Hi!
As an OIDC user, tried to play with Heat and Murano recently. They usually fail
with a trust creation error, noticing that keystone cannot find the _member_
role while creating the trust.
Hmmm...that should not be the case. The user in question should have a
role on the project, but getting it via a group is OK.
I suspect the problem is the Ephemeral nature of Federated users. With
the Shadow user construct (under construction) there would be something
to use.
Please file a bug on this and assign it to me (or notify me if you can't
assign).
Since a federated user is not really have a role in a project, but it is a
member of a group, which has the appropriate role(s), I suspect that this will
never work with Federation?
Or is it a known/general problem with trusts and groups? I cannot really decide
if it is a problem at the Heat, or the Keystone side, can you give me some
advice?
If it is not an error in the code, but in my setup, then please forgive me this
stupid question.
Br,
György
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
