Domain role grants need to be honored in token authentication
Bug #1093248 reported by
Henry Nash
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Henry Nash |
Bug Description
The current token authentication (including the changes for user groups) doesn't properly take into account any domain grants. The correct implementation depends on how whether we decide to implement blueprint: https:/
Changed in keystone: | |
assignee: | nobody → Henry Nash (henry-nash) |
Changed in keystone: | |
status: | New → In Progress |
Changed in keystone: | |
status: | Fix Committed → In Progress |
Changed in keystone: | |
milestone: | none → grizzly-rc1 |
Changed in keystone: | |
importance: | Undecided → High |
Changed in keystone: | |
milestone: | grizzly-rc1 → grizzly-3 |
Changed in keystone: | |
status: | In Progress → Fix Committed |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | grizzly-3 → 2013.1 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/18097 github. com/openstack/ keystone/ commit/ 4fae928c59beaa5 58306a5aa3a3aa5 c6f4945b70
Committed: http://
Submitter: Jenkins
Branch: master
commit 4fae928c59beaa5 58306a5aa3a3aa5 c6f4945b70
Author: Henry Nash <email address hidden>
Date: Thu Dec 13 16:48:13 2012 +0000
Keystone server support for user groups
This implements the server side of groups of users. This
set of code provides all the crud functionality for groups as
well as the corresponding support for role assignments.
blueprint user-groups
The following deficiencies existing with the current version and
will be corrected ahead of the final Grizzly release:
1) There is only placeholder support for LDAP (Bug #1092187)
2) Domain role grants are accepted but not yet honored (Bug #1093248)
3) Token invalidation does not occur with group changes (Bug #1093493)
This update also fills in missing v3 grant unit testing and v3 grant
support within the kvs backend. In addition, there is a fix for
Bug #1092200 (uncaught exception when listing grants)
DocImpact
Change-Id: Ibd1783b04b2d78 04eff90312e5ef5 91dca4d0695