yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #46346
[Bug 1546039] Re: If one trustor role is removed, the trust cannot be used
Its a feature. A trust is assumed to be the smallest chunk of delegated
roles possible to perform an action. If a user does not have all those
roles, the trustor should be informed immediately that the trust is no
longer viable.
** Changed in: keystone
Status: In Progress => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1546039
Title:
If one trustor role is removed, the trust cannot be used
Status in OpenStack Identity (keystone):
Invalid
Bug description:
If a trust is created with a list of roles, when the trust is used by
the trustee to obtain a token, we first make sure that the trustor
still has all the delegated roles. However, the way the code is
written, if any have been removed, we immediately fail the token
creation, rather than, instead, grant the token with the remaining
roles. The current exception comment suggests that this was not our
intention.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1546039/+subscriptions
References