OpenStack Identity (keystone)

add user option to ignore user inactivity period

Bug #1827431 reported by Pavlo Shchelokovskyy on 2019-05-02

12

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	Vishakha Agarwal

Bug Description

Heat's bug: https://storyboard.openstack.org/#!/story/2005210

Heat creates service users in its dedicated domain on the fly. These are crucial in situations that require deferred authentications, for example autoscaling.

While it is currently possible to ignore some settings in [security_compliance] sections of Keystone for specific users, there's no way to ignore the "disable_user_account_days_inactive" setting.

It is proposed to add such user option (similar to those already existing ones) to ignore this setting for a given user

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-05-02: Fix proposed to keystone (master)

#1

Fix proposed to branch: master
Review: https://review.opendev.org/656898

Changed in keystone:
assignee:	nobody → Pavlo Shchelokovskyy (pshchelo)
status:	New → In Progress

Colleen Murphy (krinkle) on 2019-05-13

Changed in keystone:
importance:	Undecided → Medium

Revision history for this message

Vishakha Agarwal (vishakha.agarwal) wrote on 2020-03-31:

#2

Hi. Is anyone working over this?

Revision history for this message

Pavlo Shchelokovskyy (pshchelo) wrote on 2020-04-10:

#3

Hi Vishaka,

same comment as in another issue - please take over if having time.

Changed in keystone:
assignee:	Pavlo Shchelokovskyy (pshchelo) → nobody

Revision history for this message

Vishakha Agarwal (vishakha.agarwal) wrote on 2020-04-16:

#4

Thanks Pavlo

Vishakha Agarwal (vishakha.agarwal) on 2020-06-10

Changed in keystone:
assignee:	nobody → Vishakha Agarwal (vishakha.agarwal)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-07-15: Fix merged to keystone (master)

#5

Reviewed: https://review.opendev.org/656898
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c9c655a1e1e865a1f4e274c0aaea1749acc8a53b
Submitter: Zuul
Branch: master

commit c9c655a1e1e865a1f4e274c0aaea1749acc8a53b
Author: Pavlo Shchelokovskyy <email address hidden>
Date: Thu May 2 16:50:56 2019 -0600

Add ignore_user_inactivity user option

    this option allows to override the
    [security_compliance]disable_user_account_days_inactive setting from
    config on per-user basis.

Co-Authored-By: Vishakha Agarwal <email address hidden>

Change-Id: Ida360e215426184195687bee2a800877af33af04
Closes-Bug: #1827431

Changed in keystone:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.