Adding a role to a disabled user/group should be fine. Authentication
will still fail for the user if she is disabled or the project is
disabled.
** Changed in: keystone
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1401040
Title:
possible to grant role to user on domain/project when this domain/user
was disabled
Status in OpenStack Identity (keystone):
Won't Fix
Bug description:
when domain/user was disabled, we still can grant role to user on
domain/project, but doc shows these operations should not be allowed.
see doc:
http://docs.openstack.org/api/openstack-identity-service/3/content/domains-v3domains.html
{
...
Setting this attribute to false prevents users from authorizing against this
domain or any projects owned by this domain, and prevents users owned by this
domain from authenticating or receiving any other authorization. Additionally,
all pre-existing tokens applicable to the above entities are immediately
invalidated. Re-enabling a domain does not re-enable pre-existing tokens.
}
(morganfainberg): It is likely the documentation should be updated as
well to make the expected behavior a bit more clear.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1401040/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
