yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2053137] [NEW] Application credentials with a deleted role are unusable

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Boris Bobrov <2053137@xxxxxxxxxxxxxxxxxx>
Date: Wed, 14 Feb 2024 14:50:45 -0000
Reply-to: Bug 2053137 <2053137@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Steps to reproduce:

1. Create role R
2. Create an application credential with role R in it
3. Delete role R
4. Try to list the application credentials

Observed: list fails with 404: Role Not Found
Expected: not sure

I see the following potential behaviors:
1. The role can be removed from the application credential when the role is deleted, leaving the application credential intact; however, the application credential might remain without roles, and i am not sure what it means;
2. The application credential could be immediately deleted when a role is deleted, because it references an invalid role;
3. The non-existing role can stay with the application credential in the database and can simply be ignored when processing the application credential internally

** Affects: keystone
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2053137

Title:
Application credentials with a deleted role are unusable

Status in OpenStack Identity (keystone):
New

Bug description:
Steps to reproduce:

1. Create role R
2. Create an application credential with role R in it
3. Delete role R
4. Try to list the application credentials

Observed: list fails with 404: Role Not Found
Expected: not sure

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2053137/+subscriptions

Follow ups

[Bug 2053137] Re: Application credentials with a deleted role are unusable
From: OpenStack Infra, 2024-03-12