OpenStack Identity (keystone)

  1. Bug #1677723
  2. Comment #44

Comment 44 for bug 1677723

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/459705
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=2139639eeabc8f6941f4461fc87d609cde3118c2
Submitter: Jenkins
Branch: master

commit 2139639eeabc8f6941f4461fc87d609cde3118c2
Author: Boris Bobrov <email address hidden>
Date: Tue Apr 25 13:57:16 2017 +0000

    Do not fetch group assignments without groups

    Without the change, the method fetched all assignments for a project
    or domain, regardless of who has the assignment, user or group. This
    led to situation when federated user without groups could scope a token
    with other user's rules.

    Return empty list of assignments if no groups were passed.

    Closes-Bug: 1677723
    Change-Id: I65f5be915bef2f979e70b043bde27064e970349d