Domain role grants need to be honored in token authentication
Bug #1093248 reported by
Henry Nash
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
High
|
Henry Nash | ||
Bug Description
The current token authentication (including the changes for user groups) doesn't properly take into account any domain grants. The correct implementation depends on how whether we decide to implement blueprint: https:/
| Changed in keystone: | |
| assignee: | nobody → Henry Nash (henry-nash) |
| Changed in keystone: | |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #1 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| status: | Fix Committed → In Progress |
| Changed in keystone: | |
| milestone: | none → grizzly-rc1 |
| Changed in keystone: | |
| importance: | Undecided → High |
| Changed in keystone: | |
| milestone: | grizzly-rc1 → grizzly-3 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | grizzly-3 → 2013.1 |
To post a comment you must log in.
Reviewed: https:/
Committed: http://
Submitter: Jenkins
Branch: master
commit 4fae928c59beaa5
Author: Henry Nash <email address hidden>
Date: Thu Dec 13 16:48:13 2012 +0000
Keystone server support for user groups
This implements the server side of groups of users. This
set of code provides all the crud functionality for groups as
well as the corresponding support for role assignments.
blueprint user-groups
The following deficiencies existing with the current version and
will be corrected ahead of the final Grizzly release:
1) There is only placeholder support for LDAP (Bug #1092187)
2) Domain role grants are accepted but not yet honored (Bug #1093248)
3) Token invalidation does not occur with group changes (Bug #1093493)
This update also fills in missing v3 grant unit testing and v3 grant
support within the kvs backend. In addition, there is a fix for
Bug #1092200 (uncaught exception when listing grants)
DocImpact
Change-Id: Ibd1783b04b2d78