OpenStack Identity (keystone)

  1. Bug #1677723
  2. Comment #46

Comment 46 for bug 1677723

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/newton)

Reviewed: https://review.openstack.org/459713
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=05a129e54573b6cbda1ec095f4526f2b9ba90a90
Submitter: Jenkins
Branch: stable/newton

commit 05a129e54573b6cbda1ec095f4526f2b9ba90a90
Author: Boris Bobrov <email address hidden>
Date: Tue Apr 25 14:20:36 2017 +0000

    Do not fetch group assignments without groups

    Without the change, the method fetched all assignments for a project
    or domain, regardless of who has the assignment, user or group. This
    led to situation when federated user without groups could scope a token
    with other user's rules.

    Return empty list of assignments if no groups were passed.

    Closes-Bug: 1677723
    Change-Id: I65f5be915bef2f979e70b043bde27064e970349d
    (cherry picked from commit 2139639eeabc8f6941f4461fc87d609cde3118c2)