domain admin unable to setup a domain-specific role to imply another domain-specific role in the same domain
Bug #1593813 reported by
Guang Yee
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Sean Perry | ||
Bug Description
With policy.
To reproduce.
1. Create "DomainA"
2. Create domain user "foo" in "DomainA"
3. Make "foo" the domain admin of "DomainA"
4. Get a DA token for "foo"
5. As DA, create a domain-specific role "AppDev" in "DomainA"
6. As DA, create a domain-specific role "AppAdmin" in "DomainA"
7. As DA, try to make "AppAdmin" imples "AppDev" and prepare to receive a HTTP 403 response
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Related fix proposed to keystone (master) | #1 |
| Changed in keystone: | |
| status: | New → Confirmed |
| summary: |
- domain admin unable to setup a prior domain-specific role to implied - another domain-specific role in the same domain + domain admin unable to setup a domain-specific role to imply another + domain-specific role in the same domain |
Revision history for this message
| David Stanek (dstanek) wrote | #2 |
| Changed in keystone: | |
| importance: | Undecided → Medium |
| milestone: | none → newton-3 |
| Changed in keystone: | |
| milestone: | newton-3 → none |
| Changed in keystone: | |
| assignee: | nobody → Sean Perry (sean-perry-a) |
| Changed in keystone: | |
| status: | Confirmed → In Progress |
| Changed in keystone: | |
| milestone: | none → ocata-1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #4 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/keystone 11.0.0.0b1 | #5 |
To post a comment you must log in.
Related fix proposed to branch: master
Review: https:/