LDAP Assignment backend does not support all v3 APIs

Bug #1221805 reported by Henry Nash
This bug affects 4 people
Affects: OpenStack Identity (keystone)
Status: Won't Fix
Importance: Wishlist
Assigned to: Adam Young
Milestone:

Bug Description

The LDAP assignment backend is missing support for several of the v3 APIs, for example:

- Role Grant CRUD
- GET /role_assignments

Now that we have split identity, we need to decide how we maintain the LDAP assignment backend, i.e.:

- Bring it up to full spec
- Freeze as is
- Deprecate it
- etc.

Tags: ldap
Jose Castro Leon (jose-castro-leon) wrote :

It does not implement the following APIs:

- create_grant
- list_grants
- get_grant
- delete_grant
- list_role_assignments
- get_domain_by_name
- list_user_projects

Changed in keystone:
assignee: nobody → Marcos Lobo (marcos-fermin-lobo)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/56940

Changed in keystone:
status: New → In Progress
Changed in keystone:
assignee: Marcos Lobo (marcos-fermin-lobo) → Adam Young (ayoung)
Changed in keystone:
assignee: Adam Young (ayoung) → Dolph Mathews (dolph)
Changed in keystone:
assignee: Dolph Mathews (dolph) → Adam Young (ayoung)
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/56940
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=829a2349312c2c294df22c55c76fb0b0afda200f
Submitter: Jenkins
Branch: master

commit 829a2349312c2c294df22c55c76fb0b0afda200f
Author: Marcos Lobo <email address hidden>
Date: Mon Nov 18 14:59:46 2013 +0100

    LDAP Assignment does not support grant v3 API

    The LDAP assignment backend is missing support for several of the v3
    APIs. This patch implements Role Grant CRUD for V3 Assignment API:

    - Role Grant CRUD
      + create_grant
      + get_grant
      + delete_grant
      + update_grant

    - GET /role_assignments
      + list_role_assignments

    Closes-Bug: #1248952
    Partial-Bug: #1101287
    Partial-Bug: #1221805

    Change-Id: I1fb247b538e6a11085a18f0103cb8508d58e664f

Dolph Mathews (dolph)
tags: added: ldap
OpenStack Infra (hudson-openstack) wrote : Related fix merged to keystone (master)

Reviewed: https://review.openstack.org/158029
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ed9324ee325b48f26a3883f9d43d96df15ed186b
Submitter: Jenkins
Branch: master

commit ed9324ee325b48f26a3883f9d43d96df15ed186b
Author: Samuel de Medeiros Queiroz <email address hidden>
Date: Sat Feb 21 01:22:20 2015 -0300

    Remove invalid comment/statement at role manager

    An invalid comment and unnecessary try except
    statement are removed from role backend.

    Since list_role_assignments_for_role is
    implemented at assignment manager level and uses
    list_role_assignments, which is currently
    implemented by both sql and ldap backends, the
    added comment is invalid and the related bug
    is partially implemented.

    Related-Bug: #1221805

    Change-Id: I55a4df5aae4f21dc64738b0ddf53580d890b9d1c

David Stanek (dstanek) wrote :

The LDAP assignment is deprecated as of Kilo so I don't see any reason to allow implementers to use it more.

Changed in keystone:
status: In Progress → Won't Fix