Assignment link in Get /role_assignments not correct for expanded group entries

Bug #1201374 reported by Henry Nash on 2013-07-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Henry Nash

Bug Description

If you call 'GET /role_assignments?effective', then any group grants are expanded in the response to be user grants for each member of the group. Although these entries are correctly returned, the assignment link in such entities does not match the spec. It should return (something like):

http://identity:35357/v3/projects/proj_id/groups/group_id/roles/role_id

but instead in returns:

http://identity:35357/v3/projects/proj_id/users/user_id/roles/role_id

Calling GET /role_assignments without the 'effective' flag returns the correct link

Henry Nash (henry-nash) on 2013-07-15
Changed in keystone:
milestone: none → havana-3
Dolph Mathews (dolph) on 2013-07-15
Changed in keystone:
status: New → Triaged

Fix proposed to branch: master
Review: https://review.openstack.org/37104

Changed in keystone:
status: Triaged → In Progress

Reviewed: https://review.openstack.org/37104
Committed: http://github.com/openstack/keystone/commit/2af9ce342788fdd3e407141a233c5393b061ffb0
Submitter: Jenkins
Branch: master

commit 2af9ce342788fdd3e407141a233c5393b061ffb0
Author: Henry Nash <email address hidden>
Date: Mon Jul 15 20:21:02 2013 +0100

    Return correct link for effective group roles in GET /role_assignments

    The assignment link returned for roles that are included by virtue of
    group membership should refer to the group assignment that led to this
    role, rather than a direct user assignment.

    Fixes bug 1201374

    Change-Id: Ic649e7eb4633e258264f27280d938a08af380921

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-09-05
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-3 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers