yahoo-eng-team team mailing list archive
Message #14571
[Bug 1318677] Re: Roles applied on Group does not reflect
Marking this as Invalid since, after assigning the Role on a combination of
Project + Group, it worked!
** Changed in: keystone
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1318677
Title:
Roles applied on Group does not reflect
Status in OpenStack Identity (Keystone):
Invalid
Bug description:
I have policies which take into effect the project_id and the user
role to decide whether the user is authorized to perform any
operation. If I assign a role to user explicitly, everything works
fine.
Now, I wanted to make use of the Groups concept.
Therefore, I created a group and assigned a role to the group, which I have used in the policy rules.
When I create a user, instead of assigning a role to the user I assign it to the group, since a user belonging to a group should implicitly get the role that is applied on the group, but this does not work.
Verification:
Policy rules fail to take effect since, doing a GET on the user, the roles are shown empty. Therefore, it seems like roles applied on the group never take effect.
Note: Using the v3 GET API, listing roles on a group works, but getting the
roles for a user does not show the role present for the group to
which the user belongs.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1318677/+subscriptions
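As an added illustration (not part of the original message and not Keystone's own code): a simplified model of why a per-user role listing can come back empty while a role granted on project + group still takes effect for the group's members. All ids and the functions `direct_user_roles`, `effective_roles` and `policy_allows` are assumptions made up for this sketch.

```python
# Simplified model of project-scoped role assignments (added example).
# All ids below are constructed sample values, not taken from the bug report.
from typing import NamedTuple

class Assignment(NamedTuple):
    actor_type: str   # "user" or "group"
    actor_id: str
    role: str
    project_id: str   # the scope of the grant; only projects are modelled here

GROUP_MEMBERS = {"ops": {"alice"}}   # group id -> member user ids
ASSIGNMENTS = [
    Assignment("group", "ops", "operator", "proj-a"),  # role on project + group
    Assignment("user", "bob", "operator", "proj-a"),   # role on project + user
]

def direct_user_roles(user_id, project_id):
    """Grants made to the user itself; group grants never appear here."""
    return {a.role for a in ASSIGNMENTS
            if a.actor_type == "user" and a.actor_id == user_id
            and a.project_id == project_id}

def effective_roles(user_id, project_id):
    """Direct grants plus grants made to any group the user belongs to."""
    groups = {g for g, members in GROUP_MEMBERS.items() if user_id in members}
    via_group = {a.role for a in ASSIGNMENTS
                 if a.actor_type == "group" and a.actor_id in groups
                 and a.project_id == project_id}
    return direct_user_roles(user_id, project_id) | via_group

def policy_allows(user_id, token_project_id, target_project_id, required_role):
    """Stand-in for a rule such as 'role:<r> and project_id:%(project_id)s'."""
    return (token_project_id == target_project_id
            and required_role in effective_roles(user_id, token_project_id))

if __name__ == "__main__":
    print(direct_user_roles("alice", "proj-a"))   # what a per-user listing shows
    print(effective_roles("alice", "proj-a"))     # what a policy check should see
    print(policy_allows("alice", "proj-a", "proj-a", "operator"))
    print(policy_allows("alice", "proj-b", "proj-b", "operator"))
```

In this model the group grant only matters on the project it was made on, so a policy check for any other project fails even though the user is a member of the group.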