OpenStack Identity (keystone)

Assignment API confirms user in Identity API

Bug #1211388 reported by Adam Young
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Adam Young
OpenStack Identity (keystone) 2013.2 "havana"

Bug Description

In get_roles_for_user_and_domain and get_roles_for_user_and_project, the assignment API calls into the Identity API to confirm that the user exists. This call is makes it impossible to implement external authentication where the user is queried solely based on their current credential. Also, this call is not required, as the user liveness will and should be checked earlier in the token creation process.

If it is important for a certain API call to check if a user uis active, it should be part of the controler call and not part of the core function.

These calls are expensive; the make an additional RPC to the Database or Directory store.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/41471

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/41471
Committed: http://github.com/openstack/keystone/commit/3be931165c6e218aaa5355a1f435ae58eb4484eb
Submitter: Jenkins
Branch: master

commit 3be931165c6e218aaa5355a1f435ae58eb4484eb
Author: Adam Young <email address hidden>
Date: Mon Aug 12 12:51:59 2013 -0400

    Remove User Check from Assignments

    Removed tests that assume too tight a coupling between identity
    and assignment backends.

    Bug 1211388

    Change-Id: I45e05273282e3c8cc79f48891e436d7694825f9e

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → havana-3
status: Fix Committed → Fix Released
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Medium
Thierry Carrez (ttx)
Changed in keystone:
milestone: havana-3 → 2013.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.