
yahoo-eng-team team mailing list archive

[Bug 1385643] [NEW] /auth/domains incorrectly includes domains with only inherited roles

 

Public bug reported:

The /auth/domains API call is meant to return a list of domains for which
the user could ask for a domain-scoped token - i.e. any domain on which
they have a role.  However, the code does not differentiate between
inherited and non-inherited roles - and hence might include domains for
which the user has no effective role (a domain inherited role ONLY
applies to the projects within that domain, not to the domain itself).

** Affects: keystone
     Importance: Medium
     Assignee: Henry Nash (henry-nash)
         Status: New

** Summary changed:

- /auth/domains incorrectly includes domain with  only inherited roles
+ /auth/domains incorrectly includes domains with only inherited roles

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1385643

Title:
  /auth/domains incorrectly includes domains with only inherited roles

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1385643/+subscriptions
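
The distinction the report draws, as an added example that is not part of the original notification and is not Keystone's code: it compares "any domain assignment counts" with "only a direct domain role counts" over constructed data. The Assignment record, its field names and the sample users and domains are assumptions made for illustration, and group assignments are left out.

```python
from typing import NamedTuple, Optional


class Assignment(NamedTuple):
    """Hypothetical role-assignment record (not Keystone's schema)."""
    user_id: str
    role: str
    domain_id: Optional[str] = None
    project_id: Optional[str] = None
    inherited: bool = False  # True: applies only to projects in the domain


# Constructed sample assignments.
ASSIGNMENTS = [
    Assignment("alice", "admin", domain_id="d-eng"),
    Assignment("alice", "member", domain_id="d-sales", inherited=True),
    # d-ops has both an inherited and a direct role, so it stays listed.
    Assignment("alice", "member", domain_id="d-ops", inherited=True),
    Assignment("alice", "reader", domain_id="d-ops"),
    Assignment("alice", "member", project_id="p-1"),
    Assignment("bob", "member", domain_id="d-eng", inherited=True),
]


def domains_any_role(user_id, assignments):
    """Behaviour described in the report: inherited roles are not filtered."""
    return sorted({a.domain_id for a in assignments
                   if a.user_id == user_id and a.domain_id is not None})


def domains_effective_role(user_id, assignments):
    """Only a direct (non-inherited) domain role gives a role on the domain."""
    return sorted({a.domain_id for a in assignments
                   if a.user_id == user_id and a.domain_id is not None
                   and not a.inherited})


def overreported_domains(user_id, assignments):
    """Domains listed although the user has no effective role on them."""
    return sorted(set(domains_any_role(user_id, assignments))
                  - set(domains_effective_role(user_id, assignments)))


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, domains_effective_role(user, ASSIGNMENTS),
              "over-reported:", overreported_domains(user, ASSIGNMENTS))
```
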

