I'm using juno, uuid, sql, v2 and v3.
But these things would not matter.
Please try like this.
1. get foo's token (a) using keystone api.
2. user foo is disabled. (direct operation to mysql : keystone.user.enabled=0)
3. get new token using keystone api. then can't get new token. this is ok.
4. but foo CAN nova list api by token(a)
This issue is because token/provider.py does not check the status of the user or tenant.
I'm using juno, uuid, sql, v2 and v3.
But these things would not matter.
Please try like this. user.enabled= 0)
1. get foo's token (a) using keystone api.
2. user foo is disabled. (direct operation to mysql : keystone.
3. get new token using keystone api. then can't get new token. this is ok.
4. but foo CAN nova list api by token(a)
This issue is because token/provider.py does not check the status of the user or tenant.