Public bug reported:
With policy.v3cloudsample.json, domain admin of a domain is unable to
setup a prior domain-specific role to imply another domain-specific role
in the same domain. Per design, this is allowed.
To reproduce.
1. Create "DomainA"
2. Create domain user "foo" in "DomainA"
3. Make "foo" the domain admin of "DomainA"
4. Get a DA token for "foo"
5. As DA, create a domain-specific role "AppDev" in "DomainA"
6. As DA, create a domain-specific role "AppAdmin" in "DomainA"
7. As DA, try to make "AppAdmin" imples "AppDev" and prepare to receive a HTTP
403 response
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1593813
Title:
domain admin unable to setup a prior domain-specific role to implied
another domain-specific role in the same domain
Status in OpenStack Identity (keystone):
New
Bug description:
With policy.v3cloudsample.json, domain admin of a domain is unable to
setup a prior domain-specific role to imply another domain-specific
role in the same domain. Per design, this is allowed.
To reproduce.
1. Create "DomainA"
2. Create domain user "foo" in "DomainA"
3. Make "foo" the domain admin of "DomainA"
4. Get a DA token for "foo"
5. As DA, create a domain-specific role "AppDev" in "DomainA"
6. As DA, create a domain-specific role "AppAdmin" in "DomainA"
7. As DA, try to make "AppAdmin" imples "AppDev" and prepare to receive a
HTTP 403 response
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1593813/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
