yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1635562] [NEW] Federated users which type is 'ephemeral' shouldn't be able to user management

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Kenji Ishii <ken-ishii@xxxxxxxxxxxxx>
Date: Fri, 21 Oct 2016 09:06:53 -0000
Reply-to: Bug 1635562 <1635562@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

There are two types of federated user. One is ephemeral and another is local.
ref: http://docs.openstack.org/developer/keystone/federation/mapping_combinations.html#output

At the moment, if a user login as the former type, Identity panel will be shown.
And if a user has admin privilege, some menus to manage users like Create/Delete Project/User would be displayed.

However, in that case, user's domain is "Federated". It is defined by keystone and it means a temporary domain.
So we can not create and read any identity resources within its domain scope.
(This type of user doesn't have a entity in Keystone, so we can not do even a user list.

Thus, in this case, we should not display Identity panel.

** Affects: horizon
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1635562

Title:
Federated users which type is 'ephemeral' shouldn't be able to user
management

Status in OpenStack Dashboard (Horizon):
New

Bug description:
There are two types of federated user. One is ephemeral and another is local.
ref: http://docs.openstack.org/developer/keystone/federation/mapping_combinations.html#output

At the moment, if a user login as the former type, Identity panel will be shown.
And if a user has admin privilege, some menus to manage users like Create/Delete Project/User would be displayed.

Thus, in this case, we should not display Identity panel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1635562/+subscriptions