yahoo-eng-team team mailing list archive

[Bug 1403539] [NEW] Can't create both inherited and direct role assignment on same entities

 

Public bug reported:

This bug applies to backend SQL, since it is the only one that supports
inherited role assignments.

Given a role assignment (actor_id, target_id, role_id, inherited), it should be possible to grant it as both direct and inherited:
- (actor_id, target_id, role_id, inherited=False)
- (actor_id, target_id, role_id, inherited=True)

Currently, it isn't possible since the RoleAssignment table constraint
does not include the inherited column as primary key [1].

This bug affects inherited functionality on both domains and projects.

[1]
https://github.com/openstack/keystone/blob/master/keystone/assignment/backends/sql.py#L776-L777

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1403539

Title:
  Can't create both inherited and direct role assignment on same
  entities

Status in OpenStack Identity (Keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1403539/+subscriptions
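
The constraint behaviour described in the report, reproduced as an added example (not code from the bug report or from Keystone). It assumes a simplified schema holding only the four fields the report names; the table name `role_assignment_demo` and the sample identifiers are constructed, and SQLite stands in for the SQL backend.

```python
import sqlite3

# Simplified, constructed schema: only the four fields named in the report.
COLS = "actor_id TEXT, target_id TEXT, role_id TEXT, inherited INTEGER"
PK_WITHOUT_INHERITED = "PRIMARY KEY (actor_id, target_id, role_id)"
PK_WITH_INHERITED = "PRIMARY KEY (actor_id, target_id, role_id, inherited)"


def grant_direct_and_inherited(primary_key):
    """Try to store the same assignment twice: once direct, once inherited.

    Returns (list_of_stored_inherited_flags, error_message_or_None).
    """
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE role_assignment_demo ({COLS}, {primary_key})")
    error = None
    for inherited in (0, 1):  # 0 = direct grant, 1 = inherited grant
        try:
            # Constructed sample identifiers.
            db.execute(
                "INSERT INTO role_assignment_demo VALUES (?, ?, ?, ?)",
                ("user-1", "domain-1", "role-admin", inherited),
            )
        except sqlite3.IntegrityError as exc:
            # The second grant collides when 'inherited' is not in the key.
            error = str(exc)
    rows = db.execute(
        "SELECT inherited FROM role_assignment_demo ORDER BY inherited"
    ).fetchall()
    db.close()
    return [row[0] for row in rows], error


if __name__ == "__main__":
    for label, pk in (("without inherited", PK_WITHOUT_INHERITED),
                      ("with inherited", PK_WITH_INHERITED)):
        stored, err = grant_direct_and_inherited(pk)
        print(f"PK {label}: stored inherited flags {stored}, error: {err}")
```

With the three-column key only the direct grant is stored and the inherited one is rejected; with `inherited` in the key both rows coexist.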

