yahoo-eng-team team mailing list archive

[OpenStack Infra <1440135@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/282696
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=809e5533ccdbffcc73ef9c6bda158e7f8386bb08
Submitter: Jenkins
Branch:    master

commit 809e5533ccdbffcc73ef9c6bda158e7f8386bb08
Author: Clenimar Filemon <clenimar.filemon@xxxxxxxxx>
Date:   Sat Feb 20 12:47:24 2016 -0300

    Fix incorrect assumption when deleting assignments
    
    The methods delete_user_assignments() and delete_group_assignments()
    in the assignment backend remove all assignments for a user/group -
    although the code fails to set the type of assignment and just uses
    actor_id, making an assumption that user_id != group_id.
    
    This patch specifies the type of assignments in the delete (i.e
    USER_PROJECT/USER_DOMAIN or GROUP_PROJECT/GROUP_DOMAIN) to make sure
    no assignment will be mistakenly deleted.
    
    Change-Id: I246a61a291dd41490f49b7b26a04f93e69e61d7a
    Closes-Bug: #1440135


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1440135

Title:
  Cleaning up user/group assignments makes incorrect assumption that
  user_id != group_id

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  The methods delete_user_assignments() and delete_group_assignments()
  in the assignment backends removes all assignments for a user/group -
  although the code fails to set the type of assignment, and just uses
  actor_id. This is nearly always going to be fine, although technically
  one should also specify the type of the assignment in the delete (e.g.
  USER_PROJECT/USER_DOMAIN and USER_PROJECT/GROUP_PROJECT).

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1440135/+subscriptions