Revoking a role assignment revokes unscoped tokens too
Bug #1546197 reported by Alexander Makarov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mirantis OpenStack | Fix Released | Medium | Alexander Makarov | |
Bug Description
When you delete a role assignment using a user+role+project pairing, unscoped tokens between the user+project are unnecessarily revoked as well. In fact, two events are created for each role assignment deletion (one that is scoped correctly and one that is scoped too broadly).
Steps to reproduce:
1. Create new project and new user there
2. Add new project like member in admin tenant
3. Execute 'keystone token-get' in controller
4. Get TOKEN_ID
5. Execute curl request: curl -H "X-Auth-Token: TOKEN_ID" http://
ER: curl should return correct result
6. Delete new user from admin tenant
7. Repeat curl request
ER: curl should return 401-error
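The difference between a correctly scoped and an overly broad revocation event, as an added example that is not part of the original report and is not Keystone's code. It is a simplified model in which an unset event field acts as a wildcard; the class and function names, the sample IDs, and the exact field set of the broad event (user only) are assumptions, since the report does not list the event fields.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Token:
    user_id: str
    project_id: Optional[str] = None      # None means the token is unscoped
    role_ids: Tuple[str, ...] = ()

@dataclass(frozen=True)
class RevocationEvent:
    # A field left as None is a wildcard and matches every token.
    user_id: Optional[str] = None
    project_id: Optional[str] = None
    role_id: Optional[str] = None

def is_revoked(token: Token, event: RevocationEvent) -> bool:
    """A token is revoked when every field set on the event matches it."""
    if event.user_id is not None and event.user_id != token.user_id:
        return False
    if event.project_id is not None and event.project_id != token.project_id:
        return False
    if event.role_id is not None and event.role_id not in token.role_ids:
        return False
    return True

def overbroad_events(events, unaffected_tokens):
    """Events that hit tokens the deleted assignment never granted."""
    return [e for e in events
            if any(is_revoked(t, e) for t in unaffected_tokens)]

# Constructed sample data: user u1 loses role "member" on project "p-admin".
UNSCOPED = Token("u1")
SCOPED_TARGET = Token("u1", "p-admin", ("member",))
SCOPED_OTHER = Token("u1", "p-own", ("member",))

PRECISE = RevocationEvent(user_id="u1", project_id="p-admin", role_id="member")
BROAD = RevocationEvent(user_id="u1")     # assumed shape of the second event
EVENTS = [PRECISE, BROAD]

if __name__ == "__main__":
    tokens = {"unscoped": UNSCOPED, "target": SCOPED_TARGET, "other": SCOPED_OTHER}
    for name, tok in tokens.items():
        hits = [e for e in EVENTS if is_revoked(tok, e)]
        print(f"{name:9s} revoked by {len(hits)} event(s): {hits}")
    print("over-broad:", overbroad_events(EVENTS, [UNSCOPED, SCOPED_OTHER]))
```

In this model only the precise event is needed to invalidate the token scoped to the removed assignment; the broad event is what takes the unscoped token with it.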
tags: added: customer-found
Changed in mos:
status: Confirmed → Won't Fix
status: Won't Fix → In Progress
tags: added: on-verification
Waiting for https://review.fuel-infra.org/#/c/17099 and https://review.fuel-infra.org/#/c/17086/