yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1385643] Re: /auth/domains incorrectly includes domains with only group inherited roles

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date: Wed, 28 Jan 2015 18:30:53 -0000
Reply-to: Bug 1385643 <1385643@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: keystone/juno
   Importance: Undecided
       Status: New

** Changed in: keystone/juno
   Importance: Undecided => Medium

** Changed in: keystone/juno
     Assignee: (unassigned) => Brant Knudson (blk-u)

** Changed in: keystone/juno
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1385643

Title:
  /auth/domains incorrectly includes domains with only group inherited
  roles

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone juno series:
  In Progress

Bug description:
  The /auth/domains API call is meant to return list of domains for
  which the user could ask for a domain-scoped token - i.e. any domain
  on which they have a role.  However, the code does not differentiate
  between inherited and non-inherited group roles - and hence might
  include domains for which the user has no effective role (a domain
  inherited role ONLY applies to the projects within that domain, not to
  the domain itself).

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1385643/+subscriptions

References

[Bug 1385643] [NEW] /auth/domains incorrectly includes domains with only inherited roles
From: Henry Nash, 2014-10-25