← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1435396] [NEW] No notifications for role grants using v2

 

Public bug reported:


If you use the v3 API to add or remove role grants, you get notifications that it happened, but if you use the v2.0 API, you don't get notifications.

Keystone needs to send notifications when the v2 API is used, also.

For example, start with devstack, then grant a role:

$ keystone user-role-add --user demo --tenant admin --role admin
   - gets a notification for identity.authenticate, but none for identity.created.role_assignment

Same for revoke:

$ keystone user-role-remove --user demo --tenant admin --role admin
   - gets a notification for identity.authenticate, but none for identity.deleted.role_assignment

v3 works fine:

$ curl -X PUT -H "X-Auth-Token: $TOKEN"
http://localhost:5000/v3/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID

$ curl -X DELETE -H "X-Auth-Token: $TOKEN"
http://localhost:5000/v3/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID

** Affects: keystone
     Importance: Undecided
     Assignee: Brant Knudson (blk-u)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Brant Knudson (blk-u)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1435396

Title:
  No notifications for role grants using v2

Status in OpenStack Identity (Keystone):
  New

Bug description:
  
  If you use the v3 API to add or remove role grants, you get notifications that it happened, but if you use the v2.0 API, you don't get notifications.

  Keystone needs to send notifications when the v2 API is used, also.

  For example, start with devstack, then grant a role:

  $ keystone user-role-add --user demo --tenant admin --role admin
     - gets a notification for identity.authenticate, but none for identity.created.role_assignment

  Same for revoke:

  $ keystone user-role-remove --user demo --tenant admin --role admin
     - gets a notification for identity.authenticate, but none for identity.deleted.role_assignment

  v3 works fine:

  $ curl -X PUT -H "X-Auth-Token: $TOKEN"
  http://localhost:5000/v3/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID

  $ curl -X DELETE -H "X-Auth-Token: $TOKEN"
  http://localhost:5000/v3/projects/$PROJECT_ID/users/$USER_ID/roles/$ROLE_ID

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1435396/+subscriptions


Follow ups

References