yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #45109
[Bug 1402760] Re: All user tokens are considered revoked on it's group role revocation
** Also affects: keystone/kilo
Importance: Undecided
Status: New
** Changed in: keystone/kilo
Status: New => Fix Committed
** Changed in: keystone/kilo
Milestone: None => 2015.1.3
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1402760
Title:
All user tokens are considered revoked on it's group role revocation
Status in OpenStack Identity (keystone):
Fix Released
Status in OpenStack Identity (keystone) kilo series:
Fix Committed
Bug description:
The case for the bug:
- User authenticates and receives a token scoped to the project1
- User authenticates and receives a token scoped to the project2
- User joins the group
- Group is granted a role to the project1
- Group role grant to the project1 is revoked
Result:
All user tokens are considered revoked.
Analysis:
Revoke model lacks correct token by group revocation - it is done through revocation by user, what results in described effect.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1402760/+subscriptions
References