OpenStack Identity (keystone)

User cannot set their own default project

Bug #1240625 reported by Adam Young on 2013-10-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Won't Fix	Wishlist	Unassigned

Bug Description

Setting Default project will create an assignment if it does not exist. However, if the relationship does exist, the user is stuck with the project that they were origianlly assigned to. If this project gets deleted, they may have a valid project, but no default project, and all of the problems that come along with that.

If the user could set their own default project to a project that they already have a role in, the problem goes away.

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-10-16:

This was introduced by the fix for bug 1237989 in havana and would be resolved by https://blueprints.launchpad.net/keystone/+spec/attribute-access-privilege-based-on-role

Revision history for this message

Dolph Mathews (dolph) wrote on 2014-02-05:

Unassigning due to inactivity.

Changed in keystone:
assignee:	Adam Young (ayoung) → nobody

Revision history for this message

Ajaya Agrawal (ajayaa) wrote on 2014-06-09:

I understand that this bug would go away if the blueprint is implemented. Is someone working on the blueprint or is it not high on priority right now?

Morgan Fainberg (mdrnstm) on 2014-09-21

Changed in keystone:
status:	New → Confirmed

Samuel de Medeiros Queiroz (samueldmq) on 2014-11-26

Changed in keystone:
assignee:	nobody → Samuel de Medeiros Queiroz (samuel-z)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-26: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/137254

Changed in keystone:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-26: Change abandoned on keystone (master)

Change abandoned by Samuel de Medeiros Queiroz (<email address hidden>) on branch: master
Review: https://review.openstack.org/137254
Reason: It is a gap in the capabilities of a user. If we go down that path, maybe we need to make a user to update everything about themselves, not just password. Also, we can't just change the policy in this case, especially since changing the default project in v2 has access implications.

Revision history for this message

Steve Martinelli (stevemar) wrote on 2016-02-21:

unassigning due to inactivity

Changed in keystone:
assignee:	Samuel de Medeiros Queiroz (samueldmq) → nobody
status:	In Progress → Triaged

Revision history for this message

Steve Martinelli (stevemar) wrote on 2016-02-21:

Is this still a bug? Do we really want the user to be able to specify their own default project?

Actually, I thought the user could update the default project as part of a patch request? -- ah, but updating the user may not be in their policy...

I agree with samuel that this opens a new can of worms given our current design.

Ron De Rose (ronald-de-rose) on 2016-03-16

Changed in keystone:
assignee:	nobody → Ron De Rose (ronald-de-rose)

Revision history for this message

Steve Martinelli (stevemar) wrote on 2016-08-01:

unassigning due to inactivity

Changed in keystone:
assignee:	Ron De Rose (ronald-de-rose) → nobody

Revision history for this message

Steve Martinelli (stevemar) wrote on 2016-11-15:

See previous comments

Changed in keystone:
status:	Triaged → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.