← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1401040] Re: possible to grant role to user on domain/project when this domain/user was disabled

 

Adding a role to a disabled user/group should be fine. Authentication
will still fail for the user if she is disabled or the project is
disabled.

** Changed in: keystone
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1401040

Title:
  possible to grant role to user on domain/project when this domain/user
  was disabled

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  when domain/user was disabled, we still can grant role to user on
  domain/project, but doc shows these operations should not be allowed.

  see doc: http://docs.openstack.org/api/openstack-identity-service/3/content/domains-v3domains.html
  {
  ...
  Setting this attribute to false prevents users from authorizing against this domain or any projects owned by this domain, and prevents users owned by this domain from authenticating or receiving any other authorization. Additionally, all pre-existing tokens applicable to the above entities are immediately invalidated. Re-enabling a domain does not re-enable pre-existing tokens.
  }

  (morganfainberg): It is likely the documentation should be updated as
  well to make the expected behavior a bit more clear.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1401040/+subscriptions


References