Domain role grants need to be honored in token authentication

Bug #1093248 reported by Henry Nash
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
High
Henry Nash

Bug Description

The current token authentication (including the changes for user groups) doesn't properly take into account any domain grants. The correct implementation depends on how whether we decide to implement blueprint: https://blueprints.launchpad.net/keystone/+spec/domain-role-assignment

Henry Nash (henry-nash)
Changed in keystone:
assignee: nobody → Henry Nash (henry-nash)
Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/18097
Committed: http://github.com/openstack/keystone/commit/4fae928c59beaa558306a5aa3a3aa5c6f4945b70
Submitter: Jenkins
Branch: master

commit 4fae928c59beaa558306a5aa3a3aa5c6f4945b70
Author: Henry Nash <email address hidden>
Date: Thu Dec 13 16:48:13 2012 +0000

    Keystone server support for user groups

    This implements the server side of groups of users. This
    set of code provides all the crud functionality for groups as
    well as the corresponding support for role assignments.

    blueprint user-groups

    The following deficiencies existing with the current version and
    will be corrected ahead of the final Grizzly release:

    1) There is only placeholder support for LDAP (Bug #1092187)
    2) Domain role grants are accepted but not yet honored (Bug #1093248)
    3) Token invalidation does not occur with group changes (Bug #1093493)

    This update also fills in missing v3 grant unit testing and v3 grant
    support within the kvs backend. In addition, there is a fix for
    Bug #1092200 (uncaught exception when listing grants)

    DocImpact

    Change-Id: Ibd1783b04b2d7804eff90312e5ef591dca4d0695

Changed in keystone:
status: In Progress → Fix Committed
Henry Nash (henry-nash)
Changed in keystone:
status: Fix Committed → In Progress
Henry Nash (henry-nash)
Changed in keystone:
milestone: none → grizzly-rc1
Henry Nash (henry-nash)
Changed in keystone:
importance: Undecided → High
Thierry Carrez (ttx)
Changed in keystone:
milestone: grizzly-rc1 → grizzly-3
Thierry Carrez (ttx)
Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: grizzly-3 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.