yahoo-eng-team team mailing list archive

[Henrique Truta <henrique@xxxxxxxxxxxxxxx>]

Public bug reported:

Changing a resource's domain_id, specially a project, is not something
we want, as discussed at the last topic of:
http://eavesdrop.openstack.org/meetings/keystone/2015/keystone.2015-07-21-18.01.log.html

This could cause some security problems as well as hierarchy's
inconsistency, once it'll require the whole hierarchy to be changed,
when changing a parent project's domain_id.

We shall deprecate the 'domain_id_immutable' property
(https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L66)
to remove it in the future and for now,  show a warning if it is set
false.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1479452

Title:
  Changing resource's domain_id should not be possible

Status in Keystone:
  New

Bug description:
  Changing a resource's domain_id, specially a project, is not something
  we want, as discussed at the last topic of:
  http://eavesdrop.openstack.org/meetings/keystone/2015/keystone.2015-07-21-18.01.log.html

  This could cause some security problems as well as hierarchy's
  inconsistency, once it'll require the whole hierarchy to be changed,
  when changing a parent project's domain_id.

  We shall deprecate the 'domain_id_immutable' property
  (https://github.com/openstack/keystone/blob/master/etc/keystone.conf.sample#L66)
  to remove it in the future and for now,  show a warning if it is set
  false.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1479452/+subscriptions