yahoo-eng-team team mailing list archive

[Dolph Mathews <1488208@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

When you delete a role assignment using a user+role+project pairing,
unscoped tokens between the user+project are unnecessarily revoked as
well. In fact, two events are created for each role assignment deletion
(one that is scoped correctly and one that is scoped too broadly).

The test failure in https://review.openstack.org/#/c/216236/ illustrates
this issue:

  http://logs.openstack.org/36/216236/1/check/gate-keystone-
python27/3f44af1/

** Affects: keystone
     Importance: Medium
     Assignee: Dolph Mathews (dolph)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1488208

Title:
  Revoking a role assignment revokes unscoped tokens too

Status in Keystone:
  In Progress

Bug description:
  When you delete a role assignment using a user+role+project pairing,
  unscoped tokens between the user+project are unnecessarily revoked as
  well. In fact, two events are created for each role assignment
  deletion (one that is scoped correctly and one that is scoped too
  broadly).

  The test failure in https://review.openstack.org/#/c/216236/
  illustrates this issue:

    http://logs.openstack.org/36/216236/1/check/gate-keystone-
  python27/3f44af1/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1488208/+subscriptions