yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1590805] Re: Revoking "admin" role from a group invalidates user token

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Raildo Mascena de Sousa Filho <raildo@xxxxxxxxxxxxxxx>
Date: Mon, 13 Jun 2016 12:08:11 -0000
Reply-to: Bug 1590805 <1590805@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

According to your steps, you grant a group role, as you said, domain
admin won't be part of this group, so the behavior is correct. If you
want to domain admin still with this role, you should grant the role for
user and not just for group.


** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1590805

Title:
  Revoking "admin" role from a group invalidates user token

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  Steps to reproduce

  1. Login as domain admin
  2. Create a new group and grant "admin" role to it.
  3. Group will be empty with no users added to it.(Domain admin won't be part of this group)
  4. Now revoke "admin" role from this group.
  5. Token for domain admin will be invalidated and he/she has to login again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1590805/+subscriptions

References

[Bug 1590805] [NEW] Revoking "admin" role from a group invalidates user token
From: Niranjana Adiga, 2016-06-09