yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1734117] [NEW] Scoping to project which is not on authentication domain is not working as expected

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Evgeny Fedoruk <evgenyf@xxxxxxxxxxx>
Date: Thu, 23 Nov 2017 12:42:47 -0000
Reply-to: Bug 1734117 <1734117@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Having user "U" on domain "X" which has admin role on domain "X" and domain "Y"
domain "X" and domain "Y" have projects "X1" and "Y1" respectively.

Authenticating with user "U" on domain "X" and scoping to domain "X"
OK.

Authenticating with user "U" on domain "X" and scoping to domain "Y"
OK.

Authenticating with user "U" on domain "X" and scoping to project "X1" belonging to domain "X"
OK.

Authenticating with user "U" on domain "X" and scoping to project "Y1" belonging to domain "Y"
FAILS.

I expect the last authentication to succeed, since user has admin role
on the domain of the project.

This kind of authentication will succeed if admin role on project "Y"
will be granted to the user.

** Affects: keystone
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1734117

Title:
Scoping to project which is not on authentication domain is not
working as expected

Status in OpenStack Identity (keystone):
New

Bug description: