/auth/projects fails to include any projects that have inherited group roles
Bug #1385694 reported by
Henry Nash
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Henry Nash | ||
Juno |
Fix Released
|
High
|
Brant Knudson |
Bug Description
The /auth/projects API call is meant to return list of projects for which the user could ask for a project-scoped token - i.e. any project on which they have a role. However, the code does not look at any roles that a group may have on a domain that are marked as inherited to projects - hence failing to include these projects in the list.
Changed in keystone: | |
status: | New → Confirmed |
status: | Confirmed → Triaged |
description: | updated |
tags: | added: juno-backport-potential |
Changed in keystone: | |
milestone: | none → kilo-1 |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | kilo-1 → 2015.1.0 |
To post a comment you must log in.
As an aside, it DOES check for user inherited roles, just not group ones.