Bug #1750669 “The v3 grant API should account for different scop...” : Bugs : OpenStack Identity (keystone)

Lance Bragstad (lbragstad) on 2018-02-20

Changed in keystone:
status:	New → Triaged
importance:	Undecided → High
description:	updated

Lance Bragstad (lbragstad) on 2018-02-20

summary:	- The v3 assignment API should account for different scopes + The v3 grant API should account for different scopes
description:	updated

Colleen Murphy (krinkle) on 2018-09-19

tags:

added: system-scope

Vishakha Agarwal (vishakha.agarwal) on 2018-10-18

Changed in keystone:
assignee:	nobody → Vishakha Agarwal (vishakha.agarwal)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-10-23: Fix proposed to keystone (master)

#1

Fix proposed to branch: master
Review: https://review.openstack.org/612615

Changed in keystone:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-12-04: Related fix proposed to keystone (master)

#2

Related fix proposed to branch: master
Review: https://review.openstack.org/622615

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-20:

#3

Related fix proposed to branch: master
Review: https://review.openstack.org/645021

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-20:

#4

Related fix proposed to branch: master
Review: https://review.openstack.org/645022

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-20:

#5

Related fix proposed to branch: master
Review: https://review.openstack.org/645023

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-20:

#6

Related fix proposed to branch: master
Review: https://review.openstack.org/645024

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-21:

#7

Related fix proposed to branch: master
Review: https://review.openstack.org/645309

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-21:

#8

Related fix proposed to branch: master
Review: https://review.openstack.org/645310

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-21:

#9

Related fix proposed to branch: master
Review: https://review.openstack.org/645311

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-22: Related fix merged to keystone (master)

#10

Reviewed: https://review.openstack.org/622615
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=465a8bb59be13739253a52d7e457067cf63d3ba8
Submitter: Zuul
Branch: master

commit 465a8bb59be13739253a52d7e457067cf63d3ba8
Author: Lance Bragstad <email address hidden>
Date: Tue Dec 4 22:24:40 2018 +0000

Update system grant policies for system reader

    The system grant policies were not taking the default roles work we
    did last release into account. This commit changes the default
    policies to rely on the ``reader`` role for getting and listing system
    assignments. Subsequent patches will incorporate:

     - system member test coverage
     - system admin functionality
     - domain user test coverage
     - project user test coverage

    Change-Id: I838c85f315864d2f0baf747d6bcc546724e4673a
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-22: Related fix proposed to keystone (master)

#11

Related fix proposed to branch: master
Review: https://review.openstack.org/645889

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-22:

#12

Related fix proposed to branch: master
Review: https://review.openstack.org/645890

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-25: Related fix merged to keystone (master)

#13

Reviewed: https://review.openstack.org/645021
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bb4192e88d88b781b2a821f3a499b7168b7bbc31
Submitter: Zuul
Branch: master

commit bb4192e88d88b781b2a821f3a499b7168b7bbc31
Author: Lance Bragstad <email address hidden>
Date: Wed Mar 20 21:18:32 2019 +0000

Update system grant policies for system member

This commit ensures users with the ``member`` role on the system can
perform read-only operations against the system assignment API.

     - system admin functionality
     - domain user test coverage
     - project user test coverage

    Change-Id: I834475da2343ba87fb169689f71d4cb4713f6786
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#14

Reviewed: https://review.openstack.org/645022
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8f4e179c69eae7ced731776717c09a979bd67cc5
Submitter: Zuul
Branch: master

commit 8f4e179c69eae7ced731776717c09a979bd67cc5
Author: Lance Bragstad <email address hidden>
Date: Wed Mar 20 21:40:55 2019 +0000

Update system grant policies for system admin

    This commit updates the policies for adding and removing system
    assignments from users to be consistent with other system-scoped
    policies.

- domain user test coverage
- project user test coverage

    Change-Id: Ia24a81669477ca5c737d0dedefac0c8fb0edc51a
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#15

Reviewed: https://review.openstack.org/645023
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8450d4a9cc76ce9e476d3cadf863f40f072f4cfe
Submitter: Zuul
Branch: master

commit 8450d4a9cc76ce9e476d3cadf863f40f072f4cfe
Author: Lance Bragstad <email address hidden>
Date: Wed Mar 20 21:49:32 2019 +0000

Test domain users against system assignment API

    This commit ensures that domain users are not able to operate on
    system role assignments in anyway since they lack the proper
    authorization to do so.

- project user test coverage

    Change-Id: Ic27a158448e1098fdb1c0a14694793cc041e7eff
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#16

Reviewed: https://review.openstack.org/645024
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=fac844c4ae058c148889b636ab6cbb637df7e554
Submitter: Zuul
Branch: master

commit fac844c4ae058c148889b636ab6cbb637df7e554
Author: Lance Bragstad <email address hidden>
Date: Wed Mar 20 21:58:51 2019 +0000

Test project users against system assignment API

    This commit ensures that project users are not able to operate on
    system role assignments in anyway since they lack the proper
    authorization to do so.

    Change-Id: I8b5add170ba0d9eec42f2d088f4b89aa801136df
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#17

Reviewed: https://review.openstack.org/645309
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=593e67e6ca429c6e6b54c5453a05c40a73abee85
Submitter: Zuul
Branch: master

commit 593e67e6ca429c6e6b54c5453a05c40a73abee85
Author: Lance Bragstad <email address hidden>
Date: Thu Mar 21 18:21:42 2019 +0000

Update system group assignment policies for reader and member

    This commit introduces the reader and member default roles to the
    system assignment API for groups. Users with the `reader` and `member`
    role on the system should be able to list and check system role
    assignments for all users in the deployment.

Subsequent patches will:

      - simplify the policies for system admin
      - add domain user test coverage
      - add project user test coverage
      - remove obsolete policies from policy.v3cloudsample.json

    Change-Id: I7eebb1b07213a1406e98f8a621ec44c87b812457
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#18

Reviewed: https://review.openstack.org/645310
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ba09e89ba1b8a883b09ca81f43bf54bd870411c1
Submitter: Zuul
Branch: master

commit ba09e89ba1b8a883b09ca81f43bf54bd870411c1
Author: Lance Bragstad <email address hidden>
Date: Thu Mar 21 18:29:21 2019 +0000

Update group system grant policies for admins

    This commit updates the policies for adding and removing system
    assignments from groups to be consistent with other system-scoped
    policies.

Subsequent patches will build on this work and:

      - add domain user test coverage
      - add project user test coverage
      - remove obsolete policies from policy.v3cloudsample.json

    Change-Id: I90ecc67dbae60c74b69bb227a08205d4415bd16e
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#19

Reviewed: https://review.openstack.org/645311
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6e118bad3d49bc1da7137a406fb8cb2e3da931ca
Submitter: Zuul
Branch: master

commit 6e118bad3d49bc1da7137a406fb8cb2e3da931ca
Author: Lance Bragstad <email address hidden>
Date: Thu Mar 21 18:54:06 2019 +0000

Test domain and project users against group system assignment API

    This commit ensures that domain and project users are not able to
    operate on system role assignments for groups in anyway since they
    lack the proper authorization to do so.

Subsequent patches will:

- remove obsolete policies from policy.v3cloudsample.json

    Change-Id: I696e5d161fae7efbc208355372bf7bf09f96849f
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26: Related fix proposed to keystone (stable/stein)

#20

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647673

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#21

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647674

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#22

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647675

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#23

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647676

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#24

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647677

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#25

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647678

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#26

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647679

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#27

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647680

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26: Related fix merged to keystone (master)

#28

Reviewed: https://review.openstack.org/645889
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=d1cfa3ab3f87f15f61c5387670d3b75ee2ba93ba
Submitter: Zuul
Branch: master

commit d1cfa3ab3f87f15f61c5387670d3b75ee2ba93ba
Author: Lance Bragstad <email address hidden>
Date: Fri Mar 22 21:08:25 2019 +0000

Implement system reader functionality for grants

    This commit opens up the assignment API for system readers and system
    members to list and check grants for users and groups on projects and
    domains. Subsequent patches will:

     - refactor system admin policy checks
     - implement domain reader and member support
     - implement domain admin support
     - introduce test coverage for project users and the grants API
     - remove redundant policies from policy.v3cloudsample.json

    Change-Id: I04bafe2f7c83addddf18591eaeba80277321139b
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#29

Reviewed: https://review.openstack.org/645890
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ef838a3a3f575562b1fc84623c3a8491d4f2e2f4
Submitter: Zuul
Branch: master

commit ef838a3a3f575562b1fc84623c3a8491d4f2e2f4
Author: Lance Bragstad <email address hidden>
Date: Fri Mar 22 21:25:07 2019 +0000

Make system admin policies consistent for grants

    This commit adjust the create and revoke grant policies to be
    consistent with other system admin policy check strings by not using
    the rule:admin_required check string and by including system_scope:all
    in the rule itself.

Subsequent patches will:

     - implement domain reader and member support
     - implement domain admin support
     - introduce test coverage for project users and the grants API
     - remove redundant policies from policy.v3cloudsample.json

    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Change-Id: Idcbe16f643332d80af716074cf3ea22525d465a9

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26: Related fix merged to keystone (stable/stein)

#30

Reviewed: https://review.openstack.org/647673
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=fd08266abb3a4fb18ac05921ca11c4768daa2f6d
Submitter: Zuul
Branch: stable/stein

commit fd08266abb3a4fb18ac05921ca11c4768daa2f6d
Author: Lance Bragstad <email address hidden>
Date: Tue Dec 4 22:24:40 2018 +0000

Update system grant policies for system reader

    The system grant policies were not taking the default roles work we
    did last release into account. This commit changes the default
    policies to rely on the ``reader`` role for getting and listing system
    assignments. Subsequent patches will incorporate:

     - system member test coverage
     - system admin functionality
     - domain user test coverage
     - project user test coverage

    Change-Id: I838c85f315864d2f0baf747d6bcc546724e4673a
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit 465a8bb59be13739253a52d7e457067cf63d3ba8)

tags:

added: in-stable-stein

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#31

Reviewed: https://review.openstack.org/647674
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0786fde3932e218ef355a6cc958f83c3c7033686
Submitter: Zuul
Branch: stable/stein

commit 0786fde3932e218ef355a6cc958f83c3c7033686
Author: Lance Bragstad <email address hidden>
Date: Wed Mar 20 21:18:32 2019 +0000

Update system grant policies for system member

This commit ensures users with the ``member`` role on the system can
perform read-only operations against the system assignment API.

     - system admin functionality
     - domain user test coverage
     - project user test coverage

    Change-Id: I834475da2343ba87fb169689f71d4cb4713f6786
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit bb4192e88d88b781b2a821f3a499b7168b7bbc31)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#32

Reviewed: https://review.openstack.org/647675
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ad108dafe2bdd1b6523d6f45315bb136b9b01408
Submitter: Zuul
Branch: stable/stein

commit ad108dafe2bdd1b6523d6f45315bb136b9b01408
Author: Lance Bragstad <email address hidden>
Date: Wed Mar 20 21:40:55 2019 +0000

Update system grant policies for system admin

    This commit updates the policies for adding and removing system
    assignments from users to be consistent with other system-scoped
    policies.

- domain user test coverage
- project user test coverage

    Change-Id: Ia24a81669477ca5c737d0dedefac0c8fb0edc51a
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit 8f4e179c69eae7ced731776717c09a979bd67cc5)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#33

Reviewed: https://review.openstack.org/647676
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=4ccb4c258f54642a272e0d865aa1768b7f1ffee5
Submitter: Zuul
Branch: stable/stein

commit 4ccb4c258f54642a272e0d865aa1768b7f1ffee5
Author: Lance Bragstad <email address hidden>
Date: Wed Mar 20 21:49:32 2019 +0000

Test domain users against system assignment API

    This commit ensures that domain users are not able to operate on
    system role assignments in anyway since they lack the proper
    authorization to do so.

- project user test coverage

    Change-Id: Ic27a158448e1098fdb1c0a14694793cc041e7eff
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit 8450d4a9cc76ce9e476d3cadf863f40f072f4cfe)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#34

Reviewed: https://review.openstack.org/647677
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=de083009eb51d1af086387bbac0dca8d3c4474c0
Submitter: Zuul
Branch: stable/stein

commit de083009eb51d1af086387bbac0dca8d3c4474c0
Author: Lance Bragstad <email address hidden>
Date: Wed Mar 20 21:58:51 2019 +0000

Test project users against system assignment API

    This commit ensures that project users are not able to operate on
    system role assignments in anyway since they lack the proper
    authorization to do so.

    Change-Id: I8b5add170ba0d9eec42f2d088f4b89aa801136df
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit fac844c4ae058c148889b636ab6cbb637df7e554)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#35

Reviewed: https://review.openstack.org/647678
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=1d8ac830a1ed6a571db6987d4ef657cf3e04d640
Submitter: Zuul
Branch: stable/stein

commit 1d8ac830a1ed6a571db6987d4ef657cf3e04d640
Author: Lance Bragstad <email address hidden>
Date: Thu Mar 21 18:21:42 2019 +0000

Update system group assignment policies for reader and member

    This commit introduces the reader and member default roles to the
    system assignment API for groups. Users with the `reader` and `member`
    role on the system should be able to list and check system role
    assignments for all users in the deployment.

Subsequent patches will:

      - simplify the policies for system admin
      - add domain user test coverage
      - add project user test coverage
      - remove obsolete policies from policy.v3cloudsample.json

    Change-Id: I7eebb1b07213a1406e98f8a621ec44c87b812457
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit 593e67e6ca429c6e6b54c5453a05c40a73abee85)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#36

Reviewed: https://review.openstack.org/647679
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=02eebfe5732fb9935331551e223337b22db7aebd
Submitter: Zuul
Branch: stable/stein

commit 02eebfe5732fb9935331551e223337b22db7aebd
Author: Lance Bragstad <email address hidden>
Date: Thu Mar 21 18:29:21 2019 +0000

Update group system grant policies for admins

    This commit updates the policies for adding and removing system
    assignments from groups to be consistent with other system-scoped
    policies.

Subsequent patches will build on this work and:

      - add domain user test coverage
      - add project user test coverage
      - remove obsolete policies from policy.v3cloudsample.json

    Change-Id: I90ecc67dbae60c74b69bb227a08205d4415bd16e
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit ba09e89ba1b8a883b09ca81f43bf54bd870411c1)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#37

Reviewed: https://review.openstack.org/647680
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=56e48127938be2d67b984d00b155833532233713
Submitter: Zuul
Branch: stable/stein

commit 56e48127938be2d67b984d00b155833532233713
Author: Lance Bragstad <email address hidden>
Date: Thu Mar 21 18:54:06 2019 +0000

Test domain and project users against group system assignment API

    This commit ensures that domain and project users are not able to
    operate on system role assignments for groups in anyway since they
    lack the proper authorization to do so.

Subsequent patches will:

- remove obsolete policies from policy.v3cloudsample.json

    Change-Id: I696e5d161fae7efbc208355372bf7bf09f96849f
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit 6e118bad3d49bc1da7137a406fb8cb2e3da931ca)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26: Related fix proposed to keystone (stable/stein)

#38

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647814

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-26:

#39

Related fix proposed to branch: stable/stein
Review: https://review.openstack.org/647815

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-01: Related fix merged to keystone (stable/stein)

#40

Reviewed: https://review.openstack.org/647814
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=db3b293cdea31b5a2b4fab1108d905832ee15550
Submitter: Zuul
Branch: stable/stein

commit db3b293cdea31b5a2b4fab1108d905832ee15550
Author: Lance Bragstad <email address hidden>
Date: Fri Mar 22 21:08:25 2019 +0000

Implement system reader functionality for grants

    This commit opens up the assignment API for system readers and system
    members to list and check grants for users and groups on projects and
    domains. Subsequent patches will:

     - refactor system admin policy checks
     - implement domain reader and member support
     - implement domain admin support
     - introduce test coverage for project users and the grants API
     - remove redundant policies from policy.v3cloudsample.json

    Change-Id: I04bafe2f7c83addddf18591eaeba80277321139b
    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762
    (cherry picked from commit d1cfa3ab3f87f15f61c5387670d3b75ee2ba93ba)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-02:

#41

Reviewed: https://review.openstack.org/647815
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=933b7509a4177680158baeeb582f82470f73ae38
Submitter: Zuul
Branch: stable/stein

commit 933b7509a4177680158baeeb582f82470f73ae38
Author: Lance Bragstad <email address hidden>
Date: Fri Mar 22 21:25:07 2019 +0000

Make system admin policies consistent for grants

    This commit adjust the create and revoke grant policies to be
    consistent with other system admin policy check strings by not using
    the rule:admin_required check string and by including system_scope:all
    in the rule itself.

Subsequent patches will:

     - implement domain reader and member support
     - implement domain admin support
     - introduce test coverage for project users and the grants API
     - remove redundant policies from policy.v3cloudsample.json

    Related-Bug: 1805368
    Related-Bug: 1750669
    Related-Bug: 1806762

Change-Id: Idcbe16f643332d80af716074cf3ea22525d465a9
(cherry picked from commit ef838a3a3f575562b1fc84623c3a8491d4f2e2f4)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-06-26: Fix proposed to keystone (master)

#42

Fix proposed to branch: master
Review: https://review.opendev.org/667730

Changed in keystone:
assignee:	Vishakha Agarwal (vishakha.agarwal) → Lance Bragstad (lbragstad)

OpenStack Infra (hudson-openstack) on 2019-09-06

Changed in keystone:
assignee:	Lance Bragstad (lbragstad) → Colleen Murphy (krinkle)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-13: Change abandoned on keystone (master)

#43

Change abandoned by Vishakha Agarwal (<email address hidden>) on branch: master
Review: https://review.opendev.org/612615

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-13: Fix merged to keystone (master)

#44

Reviewed: https://review.opendev.org/645968
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=f0ef5741c1ffb4173ce5d845a4ec30e075984b3e
Submitter: Zuul
Branch: master

commit f0ef5741c1ffb4173ce5d845a4ec30e075984b3e
Author: Lance Bragstad <email address hidden>
Date: Fri Mar 22 22:07:44 2019 +0000

Implement domain reader support for grants

This commit adds testing and policy changes for domain users to be
able to manage grants within their domain.

    Co-Authored-By: Vishakha Agarwal <email address hidden>
    Co-Authored-By: Colleen Murphy <email address hidden>
    Change-Id: I453203a4d92c391612cb7efc5dd4287ef30f7392
    Partial-Bug: 1805368
    Partial-Bug: 1750669

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-13:

#45

Reviewed: https://review.opendev.org/667730
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bbd77d0bf9dde57e5ca5d53f7214df85713b9f1e
Submitter: Zuul
Branch: master

commit bbd77d0bf9dde57e5ca5d53f7214df85713b9f1e
Author: Lance Bragstad <email address hidden>
Date: Wed Jun 26 20:54:22 2019 +0000

Implement domain admin support for grants

    This commit goes through and updates grant policies to allow domain
    administrator to manager grants for their domains and projects within
    thier domain.

Co-Authored-By: Colleen Murphy <email address hidden>

    Change-Id: I5f1839a3f8d23d17e449aa9f8710d70233ee8fcc
    Closes-Bug: 1805368
    Closes-Bug: 1750669

Changed in keystone:
status:	In Progress → Fix Released

Colleen Murphy (krinkle) on 2019-09-14

Changed in keystone:
assignee:	Colleen Murphy (krinkle) → Lance Bragstad (lbragstad)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-27: Fix included in openstack/keystone 16.0.0.0rc1

#46

This issue was fixed in the openstack/keystone 16.0.0.0rc1 release candidate.

OpenStack Identity (keystone)

The v3 grant API should account for different scopes

Bug Description

Other bug subscribers

Remote bug watches