Reviewed: https://review.openstack.org/242564 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=57999b564df2a663b24ae91c80d3bfd4a3b914d1 Submitter: Jenkins Branch: master
commit 57999b564df2a663b24ae91c80d3bfd4a3b914d1 Author: Henry Nash <[email protected]> Date: Fri Nov 6 16:57:11 2015 +0000 Show defect in list_user_ids that only lists direct user assignments The assignment manager method list_user_ids_for_projects fails to honor either group or inherited assignments. Since this is used to generate token invalidations, we could be leaving tokens out there which should be killed. Change-Id: I96b2a1f10e3a5013f1151b6c38ddc75282b69c6f Partial-Bug: #1513893 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1513893 Title: Token invalidation on project delete doesn't take into inheritance into account Status in OpenStack Identity (keystone): Fix Released Bug description: When we delete a project, we invalidate all the project tokens for any user who has a role on that project. The underlying assignment manager method used for this is list_user_ids_for_project(). This uses a driver method that just looks are direct assignments - and ignores any inherited or group role assignments any user may have on this project. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1513893/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
