yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1488208] Re: Revoking a role assignment revokes unscoped tokens too

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Brant Knudson <bknudson@xxxxxxxxxx>
Date: Mon, 15 Feb 2016 14:50:47 -0000
Reply-to: Bug 1488208 <1488208@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone/kilo
       Status: Fix Released => In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1488208

Title:
  Revoking a role assignment revokes unscoped tokens too

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) kilo series:
  In Progress

Bug description:
  When you delete a role assignment using a user+role+project pairing,
  unscoped tokens between the user+project are unnecessarily revoked as
  well. In fact, two events are created for each role assignment
  deletion (one that is scoped correctly and one that is scoped too
  broadly).

  The test failure in https://review.openstack.org/#/c/216236/
  illustrates this issue:

    http://logs.openstack.org/36/216236/1/check/gate-keystone-
  python27/3f44af1/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1488208/+subscriptions

References

[Bug 1488208] [NEW] Revoking a role assignment revokes unscoped tokens too
From: Dolph Mathews, 2015-08-24