Usage of application credentials through group membership does not work
Bug #1825991 reported by
Jose Castro Leon
This bug report is a duplicate of:
Bug #1773967: Application credentials can't be used with group-only role assignments.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
In Progress
|
Undecided
|
Colleen Murphy | ||
Bug Description
If you have a user with a role assigned through group membership to a project, you are able to create an application credential for that project. But you can't use it later.
When you try to use it the authenticate method will throw 401 Unauthorized.
Checking a bit the code the issue seems to be in the token_model as it only checks for direct assignments of the user missing all the roles that can be inherited or coming through group membership.
https:/
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #1 |
| Changed in keystone: | |
| assignee: | nobody → Jose Castro Leon (jose-castro-leon) |
| status: | New → In Progress |
| Changed in keystone: | |
| assignee: | Jose Castro Leon (jose-castro-leon) → Colleen Murphy (krinkle) |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/