yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1155933] Re: Disabling/Deleting a domain should invalidate "foreign" domain tokens

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Samuel de Medeiros Queiroz <samueldmq@xxxxxxxxx>
Date: Fri, 29 Jan 2016 17:08:36 -0000
Reply-to: Bug 1155933 <1155933@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a duplicate of bug 1277847 ***
    https://bugs.launchpad.net/bugs/1277847

** This bug is no longer a duplicate of bug 1360391
   Domain data remains in DB after domain is deleted
** This bug has been marked a duplicate of bug 1277847
   Deleting a domain should remove assignments for foreign users/groups

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1155933

Title:
  Disabling/Deleting a domain should invalidate "foreign" domain tokens

Status in OpenStack Identity (keystone):
  Confirmed

Bug description:
  We are already (either in the current code or with in-flight changes)
  marking all tokens for users/projects within a domain as invalid upon
  disablement/deletion of that domain.  However, there could be users
  from other domains that have tokens that reference the domain being
  disabled/deleted.  These should also be invalidated.  This is already
  marked as FIXME by Dolphm in update domain, but also applies to delete
  domain (although this is really for clean up - since as we are about
  to delete the domain in question, those tokens won't be able to do
  anything).

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1155933/+subscriptions