yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1435396] [NEW] No notifications for role grants using v2

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brant Knudson <bknudson@xxxxxxxxxx>
Date: Mon, 23 Mar 2015 15:47:21 -0000
Reply-to: Bug 1435396 <1435396@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:


If you use the v3 API to add or remove role grants, you get notifications that it happened, but if you use the v2.0 API, you don't get notifications.

Keystone needs to send notifications when the v2 API is used, also.

For example, start with devstack, then grant a role:

$ keystone user-role-add --user demo --tenant admin --role admin
   - gets a notification for identity.authenticate, but none for identity.created.role_assignment

Same for revoke:

$ keystone user-role-remove --user demo --tenant admin --role admin
   - gets a notification for identity.authenticate, but none for identity.deleted.role_assignment

v3 works fine:

$ curl -X PUT -H "X-Auth-Token: $TOKEN"
http://localhost:5000/v3/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID

$ curl -X DELETE -H "X-Auth-Token: $TOKEN"
http://localhost:5000/v3/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID

** Affects: keystone
     Importance: Undecided
     Assignee: Brant Knudson (blk-u)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Brant Knudson (blk-u)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1435396

Title:
  No notifications for role grants using v2

Status in OpenStack Identity (Keystone):
  New

Bug description:
  
  If you use the v3 API to add or remove role grants, you get notifications that it happened, but if you use the v2.0 API, you don't get notifications.

  Keystone needs to send notifications when the v2 API is used, also.

  For example, start with devstack, then grant a role:

  $ keystone user-role-add --user demo --tenant admin --role admin
     - gets a notification for identity.authenticate, but none for identity.created.role_assignment

  Same for revoke:

  $ keystone user-role-remove --user demo --tenant admin --role admin
     - gets a notification for identity.authenticate, but none for identity.deleted.role_assignment

  v3 works fine:

  $ curl -X PUT -H "X-Auth-Token: $TOKEN"
  http://localhost:5000/v3/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID

  $ curl -X DELETE -H "X-Auth-Token: $TOKEN"
  http://localhost:5000/v3/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1435396/+subscriptions

Follow ups

[Bug 1435396] Re: No notifications for role grants using v2
From: Thierry Carrez, 2015-04-20
[Bug 1435396] Re: No notifications for role grants using v2
From: Thierry Carrez, 2015-04-07
[Bug 1435396] Re: No notifications for role grants using v2
From: Tristan Cacqueray, 2015-04-03
[Bug 1435396] [NEW] No notifications for role grants using v2
From: Brant Knudson, 2015-03-23

References

[Bug 1435396] [NEW] No notifications for role grants using v2
From: Brant Knudson, 2015-03-23