Reviewed: https://review.opendev.org/655166 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=14b25bc5d18842210cfffe1afdca475e848b84aa Submitter: Zuul Branch: master
commit 14b25bc5d18842210cfffe1afdca475e848b84aa Author: Jose Castro Leon <[email protected]> Date: Tue Apr 23 15:38:16 2019 +0200 Allows to use application credentials through group membership When using role assignment through groups, the user cannot use the application credentials created. This allows to look up the membership by checking inherited and group assignments. Change-Id: If1bf5bd785a494923303265797311d42018ba7af Closes-Bug: #1773967 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1773967 Title: Application credentials can't be used with group-only role assignments Status in OpenStack Identity (keystone): Fix Released Bug description: If a user only has a role assignment on a project via a group membership, the user can create an application credential for the project but it cannot be used. If someone tries to use it, the debug logs will report: User <uuid> has no access to project <uuid> We need to ensure that any application credential that is created can be used so long as it is not expired and the user exists and has access to the project they created the application credential for. If we decide that application credentials should not be valid for users who have no explicit role assignments on projects, then we should prevent it from being created and provide a useful message to the user. This is probably related to https://bugs.launchpad.net/keystone/+bug/1589993 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1773967/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
