yahoo-eng-team team mailing list archive
Message #55840
[Bug 1601929] Re: Relax the requirement for mappings to result in group memberships
Reviewed: https://review.openstack.org/358111
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7ba53701989490667d220a3faecae2b484a007c5
Submitter: Jenkins
Branch: master
commit 7ba53701989490667d220a3faecae2b484a007c5
Author: Ronald De Rose <ronald.de.rose@xxxxxxxxx>
Date: Fri Aug 19 20:44:56 2016 +0000

Relax the requirement for mappings to result in group memberships

Now that we're able to grant authorization to federated users using
concrete role assignments, we can drop the requirement for the mapping
engine to result in any authorization (via group membership) at all.

Closes-Bug: #1601929
Change-Id: Ie144e20deb4a0bb987182de5c9231a14f0aa2bc8

** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1601929
Title:
Relax the requirement for mappings to result in group memberships
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
With the introduction of shadow users, we should not require mappings
to result in group memberships. This should not require an API change,
but would allow for much simpler mappings to be used (literally just
assigning a unique ID, and nothing more), which would be sufficient to
allow federated users to receive manually assigned concrete role
assignments (a process that operators are already familiar with).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1601929/+subscriptions
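
An added example, not part of the original message and not Keystone's own code: a small audit that lists the mapping rules yielding a user identity but no group membership, so an operator can see which federated users depend entirely on concrete role assignments. The two mapping dicts are constructed samples, and the group keys checked (`group`, `groups`, `group_ids`) and all function names are assumptions of this sketch.

```python
"""Audit federation mappings for rules that yield no group membership."""

# Local-rule keys treated as conferring group membership (assumption of this sketch).
GROUP_KEYS = ("group", "groups", "group_ids")

# Constructed sample: identity plus a group, so authorization comes from the mapping.
MAPPING_WITH_GROUP = {
    "rules": [{
        "local": [
            {"user": {"name": "{0}"}},
            {"group": {"id": "GROUP_ID_PLACEHOLDER"}},
        ],
        "remote": [{"type": "REMOTE_USER"}],
    }]
}

# Constructed sample: the simpler style the bug describes, a unique ID and nothing more.
MAPPING_IDENTITY_ONLY = {
    "rules": [{
        "local": [{"user": {"name": "{0}"}}],
        "remote": [{"type": "REMOTE_USER"}],
    }]
}


def rule_grants_group(rule):
    """True if any local entry of the rule carries a group key."""
    return any(key in entry
               for entry in rule.get("local", [])
               for key in GROUP_KEYS)


def identity_only_rules(mapping):
    """Return the indexes of rules that map a user without any group."""
    return [i for i, rule in enumerate(mapping.get("rules", []))
            if not rule_grants_group(rule)]


def audit(mappings):
    """Map each mapping name to its rule indexes that need concrete role assignments."""
    report = {name: identity_only_rules(m) for name, m in mappings.items()}
    return {name: idx for name, idx in report.items() if idx}


if __name__ == "__main__":
    samples = {"with_group": MAPPING_WITH_GROUP, "identity_only": MAPPING_IDENTITY_ONLY}
    for name, indexes in audit(samples).items():
        print(f"{name}: rules {indexes} grant no group membership")
```

Users matched only by the flagged rules hold no authorization until a role is assigned to them directly, so the report doubles as a list of accounts to review for role assignments.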