Hi, I'm looking at configuring our Heat deployment to use trusts as the deferred auth method. The requirement to grant each user the heat_stack_owner role (or similar) makes things a bit awkward, since we allow users to grant each other membership within a project and don't want them to have to worry about specific roles for different services.
I'm considering just setting: trusts_delegated_roles=member But I'm wondering if there are any security implications in doing this that I haven't considered? Obviously we'd lose the ability to restrict exactly what Heat can do with this trust, but it seems like this is still a better alternative than not using trusts at all? Cheers, Kieran _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
