yahoo-eng-team team mailing list archive

[Alexander Makarov <amakarov@xxxxxxxxxxxx>]

Public bug reported:

The case for the bug:
- User authenticates and receives a token scoped to the project1
- User authenticates and receives a token scoped to the project2
- User joins the group
- Group is granted a role to the project1
- Group role grant to the project1 is revoked

Result:
All user tokens are considered revoked.

Analysis:
Revoke model lacks correct token by group revocation - it is done through revocation by user, what results in described effect.

** Affects: keystone
     Importance: Undecided
     Assignee: Haneef Ali (haneef)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1402760

Title:
  All user tokens are considered revoked on it's group role revocation

Status in OpenStack Identity (Keystone):
  In Progress

Bug description:
  The case for the bug:
  - User authenticates and receives a token scoped to the project1
  - User authenticates and receives a token scoped to the project2
  - User joins the group
  - Group is granted a role to the project1
  - Group role grant to the project1 is revoked

  Result:
  All user tokens are considered revoked.

  Analysis:
  Revoke model lacks correct token by group revocation - it is done through revocation by user, what results in described effect.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1402760/+subscriptions