Reviewed: https://review.openstack.org/358111 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7ba53701989490667d220a3faecae2b484a007c5 Submitter: Jenkins Branch: master
commit 7ba53701989490667d220a3faecae2b484a007c5 Author: Ronald De Rose <[email protected]> Date: Fri Aug 19 20:44:56 2016 +0000 Relax the requirement for mappings to result in group memberships Now that we're able to grant authorization to federated users using concrete role assignments, we can drop the requirement for the mapping engine to result in any authorization (via group membership) at all. Closes-Bug: #1601929 Change-Id: Ie144e20deb4a0bb987182de5c9231a14f0aa2bc8 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1601929 Title: Relax the requirement for mappings to result in group memberships Status in OpenStack Identity (keystone): Fix Released Bug description: With the introduction of shadow users, we should not require mappings to result in group memberships. This should not require an API change, but would allow for much simpler mappings to be used (literally just assigning a unique ID, and nothing more), which would be sufficient to allow federated users to receive manually assigned concrete role assignments (a process that operators are already familiar with). To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1601929/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
