Comment 5 for bug 1064914

Joseph Heck (heckj) wrote : Re: Able to access ec2 resources without a user-role

vishy: heckj: correct, we don't check anywhere that the user is still a member of the tenant
[2:29pm] heckj: vishy: so the core of that bug is that we're not verifying that the user is a member of the tenant?
[2:30pm] vishy: correct
[2:30pm] vishy: i just marked it confirmed
[2:30pm] heckj: heh - I just marked it as triaged
[2:30pm] vishy: i just tested and removed myself from my tenant, I was still able to run commands with my ec2 token
[2:30pm] heckj: Okay - thank you! I'll get on it!

DELETE /tenants/{tenant_id}/users/{user_id}/roles/OS-KSADM/{role_id}
in keystone/contrib/admin_crud/core.py