yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1403539] Re: Can't create both inherited and direct role assignment on same entities

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Doug Hellmann <doug@xxxxxxxxxxxxxxxx>
Date: Tue, 23 Jun 2015 18:08:57 -0000
Reply-to: Bug 1403539 <1403539@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1403539

Title:
  Can't create both inherited and direct role assignment on same
  entities

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  This bug applies to backend SQL, since it is the only that supports
  inherited role assignments.

  Given a role assignment (actor_id, target_id, role_id, inherited), it should be possible to grant it as both direct and inherited:
  - (actor_id, target_id, role_id, inherited=False)
  - (actor_id, target_id, role_id, inherited=True)

  Currently, it isn't possible since the RoleAssignment table constraint
  does not include inherited column as primary key [1].

  This bug affects inherited functionality on both domains and projects.

  [1]
  https://github.com/openstack/keystone/blob/master/keystone/assignment/backends/sql.py#L776-L777

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1403539/+subscriptions

References

[Bug 1403539] [NEW] Can't create both inherited and direct role assignment on same entities
From: Samuel de Medeiros Queiroz, 2014-12-17