OpenStack Identity (keystone)

  1. Bug #1677723
  2. Comment #45

Comment 45 for bug 1677723

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/ocata)

Reviewed: https://review.openstack.org/459732
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=955fd6ca3758e217d9d98480852e0014dc11e988
Submitter: Jenkins
Branch: stable/ocata

commit 955fd6ca3758e217d9d98480852e0014dc11e988
Author: Boris Bobrov <email address hidden>
Date: Tue Apr 25 14:36:12 2017 +0000

    Do not fetch group assignments without groups

    Without the change, the method fetched all assignments for a project
    or domain, regardless of who has the assignment, user or group. This
    led to situation when federated user without groups could scope a token
    with other user's rules.

    Return empty list of assignments if no groups were passed.

    Closes-Bug: 1677723
    Change-Id: I65f5be915bef2f979e70b043bde27064e970349d
    (cherry picked from commit 2139639eeabc8f6941f4461fc87d609cde3118c2)