v3 grant/revoke roles to not invalidate existing tokens
Bug #1093493 reported by
Henry Nash
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Critical
|
Henry Nash |
Bug Description
The new v3 code for granting/revoking tokens (including the new group roles) do not currently call the token controller to invalidate any existing tokens
Changed in keystone: | |
assignee: | nobody → Henry Nash (henry-nash) |
status: | New → In Progress |
Changed in keystone: | |
status: | Fix Committed → In Progress |
Changed in keystone: | |
milestone: | none → grizzly-rc1 |
Changed in keystone: | |
importance: | Undecided → Critical |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | grizzly-rc1 → 2013.1 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/18097 github. com/openstack/ keystone/ commit/ 4fae928c59beaa5 58306a5aa3a3aa5 c6f4945b70
Committed: http://
Submitter: Jenkins
Branch: master
commit 4fae928c59beaa5 58306a5aa3a3aa5 c6f4945b70
Author: Henry Nash <email address hidden>
Date: Thu Dec 13 16:48:13 2012 +0000
Keystone server support for user groups
This implements the server side of groups of users. This
set of code provides all the crud functionality for groups as
well as the corresponding support for role assignments.
blueprint user-groups
The following deficiencies existing with the current version and
will be corrected ahead of the final Grizzly release:
1) There is only placeholder support for LDAP (Bug #1092187)
2) Domain role grants are accepted but not yet honored (Bug #1093248)
3) Token invalidation does not occur with group changes (Bug #1093493)
This update also fills in missing v3 grant unit testing and v3 grant
support within the kvs backend. In addition, there is a fix for
Bug #1092200 (uncaught exception when listing grants)
DocImpact
Change-Id: Ibd1783b04b2d78 04eff90312e5ef5 91dca4d0695