the token still can be used if the EC2 credential has been deleted

Bug #1305566 reported by wanghong on 2014-04-10
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Low
Unassigned

Bug Description

Currently, the associated tokens are not deleted when deleting ec2 credential. So, the token got before can still be used.

Dolph Mathews (dolph) wrote :

This would be a great place to emit revocation events in Juno.

Changed in keystone:
importance: Undecided → Medium
status: New → Triaged
tags: added: security
summary: - the token still can be used if the credential has been deleted
+ the token still can be used if the EC2 credential has been deleted
wanghong (w-wanghong) on 2014-04-11
Changed in keystone:
assignee: nobody → wanghong (w-wanghong)

Fix proposed to branch: master
Review: https://review.openstack.org/87450

Changed in keystone:
status: Triaged → In Progress

Change abandoned by wanghong (<email address hidden>) on branch: master
Review: https://review.openstack.org/87450

Steve Martinelli (stevemar) wrote :

unassigning due to inactivity

Changed in keystone:
assignee: wanghong (w-wanghong) → nobody
status: In Progress → Confirmed
Changed in keystone:
importance: Medium → Low
Changed in keystone:
assignee: nobody → Ron De Rose (ronald-de-rose)
Changed in keystone:
assignee: Ron De Rose (ronald-de-rose) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers