FYI: I have just figured out that my tokens were stored in mysql DB so clearing them (or using memcached tokens) would get the tokens properly invalided after update.
I still believe there is a bug that we need to delete the token belonging to the tenants when we update it in :
I think we can remove the security issue tag (but that's definitvely a bug) since this can be workarounded but I would like some feedback from keystone core devs first.
FYI: I have just figured out that my tokens were stored in mysql DB so clearing them (or using memcached tokens) would get the tokens properly invalided after update.
I still believe there is a bug that we need to delete the token belonging to the tenants when we update it in :
https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ identity/ controllers. py#L108
like done for users :
https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ identity/ controllers. py#L220
I think we can remove the security issue tag (but that's definitvely a bug) since this can be workarounded but I would like some feedback from keystone core devs first.