A user with a role on a project should be able to issue a GET /project call

Bug #1535878 reported by Henry Nash
This bug affects 2 people
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: Medium
Assigned to: Ajaya Agrawal

Bug Description

Currently, we require project admin or "higher" in order to issue a GET /project call. This seems overly restrictive, since if you have a role on a project, I would think you should be able to issue GET /project. Further, there are cases (such as other projects wanting work work au quotas) where being able to get the info on a project (such as its parent) is important.

Tags: quotas
tags: added: quotas
Changed in keystone:
milestone: none → mitaka-3
importance: Undecided → Medium
Henry Nash (henry-nash)
summary: - A role with a role on a project should be able to issue a GET /project
+ A user with a role on a project should be able to issue a GET /project
call
Changed in keystone:
status: New → Confirmed
Ajaya Agrawal (ajayaa)
Changed in keystone:
assignee: nobody → Ajaya Agrawal (ajayaa)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/270057

Changed in keystone:
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/270513

OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Ajaya Agrawal (<email address hidden>) on branch: master
Review: https://review.openstack.org/270513

Changed in keystone:
assignee: Ajaya Agrawal (ajayaa) → Henry Nash (henry-nash)
Changed in keystone:
assignee: Henry Nash (henry-nash) → Samuel de Medeiros Queiroz (samueldmq)
Changed in keystone:
assignee: Samuel de Medeiros Queiroz (samueldmq) → Ajaya Agrawal (ajayaa)
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/270057
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=38e115d385153a631216a120df68a903b2faa6d7
Submitter: Jenkins
Branch: master

commit 38e115d385153a631216a120df68a903b2faa6d7
Author: Ajaya Agrawal <email address hidden>
Date: Wed Jan 20 08:41:33 2016 +0000

    Change get_project permission

    Previously to issue GET /project a user needed
    at least project_admin level of permission. With
    this change, a user can issue GET /project by just
    having a role on the project.

    Change-Id: I9d23edc22eb88d0b21ab8968dfbe63661220a6fd
    Closes-Bug: 1535878

Changed in keystone:
status: In Progress → Fix Released
Thierry Carrez (ttx) wrote : Fix included in openstack/keystone 9.0.0.0b3

This issue was fixed in the openstack/keystone 9.0.0.0b3 development milestone.
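
The permission change tracked in this report, modelled as an added example (not keystone's policy file or code). The two rule functions and the sample tokens are constructed assumptions, and the "or higher" roles above project admin are left out of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Token:
    """Constructed stand-in for a token: who, scoped to which project, with which roles."""
    user: str
    project_id: Optional[str]      # None models an unscoped token
    roles: frozenset = frozenset()

def rule_before(token, target_project_id):
    """Pre-fix behaviour: admin role on the project being read."""
    return token.project_id == target_project_id and "admin" in token.roles

def rule_after(token, target_project_id):
    """Post-fix behaviour: any role on the project being read."""
    return token.project_id == target_project_id and bool(token.roles)

def audit(tokens, target_project_id):
    """Map each user to (allowed_before, allowed_after) for GET on the target project."""
    return {t.user: (rule_before(t, target_project_id),
                     rule_after(t, target_project_id)) for t in tokens}

def newly_allowed(tokens, target_project_id):
    """Users who gain read access through the change; useful when reviewing exposure."""
    return sorted(user for user, (before, after)
                  in audit(tokens, target_project_id).items()
                  if after and not before)

# Constructed sample tokens.
SAMPLE_TOKENS = [
    Token("alice", "p1", frozenset({"admin"})),    # project admin on the target
    Token("bob", "p1", frozenset({"member"})),     # non-admin role on the target
    Token("carol", "p2", frozenset({"member"})),   # role on a different project
    Token("dave", None),                           # unscoped, no roles
]

if __name__ == "__main__":
    for user, (before, after) in audit(SAMPLE_TOKENS, "p1").items():
        print(f"{user}: before={before} after={after}")
    print("newly allowed:", newly_allowed(SAMPLE_TOKENS, "p1"))
```

A role on some other project, or an unscoped token, is denied under both rules; only a role held on the target project is affected by the change.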
