All user tokens are considered revoked on its group role revocation
Bug #1402760 reported by
Alexander Makarov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | Medium | Alexander Makarov |
Kilo | Fix Released | Undecided | Unassigned |
Bug Description
The case for the bug:
- User authenticates and receives a token scoped to the project1
- User authenticates and receives a token scoped to the project2
- User joins the group
- Group is granted a role to the project1
- Group role grant to the project1 is revoked
Result:
All user tokens are considered revoked.
Analysis:
The revoke model lacks correct token revocation by group - it is done through revocation by user, which results in the described effect.
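
A simplified model of the matching described in the Analysis, added here as an illustration; it is not Keystone's code and not part of the original report. The class and field names, the user `alice`, and the roles `member` and `auditor` are assumptions, and the third token (issued after the group grant) goes beyond the steps in the report.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple

@dataclass(frozen=True)
class Token:
    user_id: str
    project_id: str
    roles: Tuple[str, ...]
    issued_at: datetime

@dataclass(frozen=True)
class RevocationEvent:
    issued_before: datetime
    user_id: Optional[str] = None      # None = wildcard, matches any token
    project_id: Optional[str] = None
    role_id: Optional[str] = None

def is_revoked(token, events):
    """True if some event matches every non-wildcard field of the token."""
    return any(
        token.issued_at < ev.issued_before
        and ev.user_id in (None, token.user_id)
        and ev.project_id in (None, token.project_id)
        and (ev.role_id is None or ev.role_id in token.roles)
        for ev in events
    )

# Constructed sample data following the steps in the bug description.
T0 = datetime(2015, 1, 1, 12, 0)
TOKENS = {
    "t1_project1": Token("alice", "project1", ("member",), T0),
    "t2_project2": Token("alice", "project2", ("member",), T0 + timedelta(minutes=1)),
    # Beyond the report: issued after the group grant, so it carries the group role.
    "t3_project1_group": Token("alice", "project1", ("member", "auditor"), T0 + timedelta(minutes=5)),
}
REVOKED_AT = T0 + timedelta(minutes=10)

def user_wide_event():
    # Reported behaviour: the group revocation is recorded against the user only.
    return RevocationEvent(REVOKED_AT, user_id="alice")

def scoped_event():
    # Assumed narrower shape: also pin the project and the revoked role.
    return RevocationEvent(REVOKED_AT, user_id="alice", project_id="project1", role_id="auditor")

def revoked_names(event):
    return sorted(n for n, t in TOKENS.items() if is_revoked(t, [event]))
```

With the user-only event all three tokens are rejected, including the project2 token that never depended on the group; the scoped event rejects only the token that carried the revoked role.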
Changed in keystone: | |
assignee: | nobody → Haneef Ali (haneef) |
status: | New → In Progress |
Changed in keystone: | |
importance: | Undecided → Medium |
milestone: | none → kilo-rc1 |
tags: | added: kilo-rc-potential |
Changed in keystone: | |
milestone: | kilo-rc1 → none |
Changed in keystone: | |
assignee: | Alexander Makarov (amakarov) → Adam Young (ayoung) |
Changed in keystone: | |
assignee: | Adam Young (ayoung) → Alexander Makarov (amakarov) |
Changed in keystone: | |
milestone: | none → kilo-rc1 |
Changed in keystone: | |
milestone: | kilo-rc1 → liberty-1 |
tags: | removed: kilo-rc-potential |
Changed in keystone: | |
milestone: | liberty-1 → liberty-2 |
Changed in keystone: | |
status: | In Progress → Fix Committed |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
tags: | added: kilo-backport-potential |
Changed in keystone: | |
milestone: | liberty-2 → 8.0.0 |
Fix proposed to branch: master
Review: https://review.openstack.org/141854