Mirantis OpenStack

Keystone invalidates _every_ token for a User after changing its roles within _one_ tenant

Bug #1393732 reported by Timur Sufiev on 2014-11-18

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mirantis OpenStack	Fix Committed	Medium	Alexander Makarov	Mirantis OpenStack 6.0-updates
	6.0.x	Won't Fix	Medium	Alexander Makarov	Mirantis OpenStack 6.0-updates
	6.1.x	Won't Fix	Medium	Alexander Makarov	Mirantis OpenStack 6.1
	7.0.x	Won't Fix	Medium	Denis Meltsaykin	Mirantis OpenStack 7.0-updates

Bug Description

This leads to the User losing its admin rights in every tenant in current Dashboard session if he removes his admin rights in another tenant (not the one he is currently in), see https://bugs.launchpad.net/mos/+bug/1386696

For more info please see https://bugs.launchpad.net/horizon/+bug/1252341 comment#4, case#2 and the abandoned patch https://review.openstack.org/#/c/59826/ that addresses the problem.

Tags:

Timur Sufiev (tsufiev-x) on 2014-11-18

Changed in mos:
milestone:	none → 6.0

Dmitry Mescheryakov (dmitrymex) on 2014-11-24

tags:	added: keystone
Changed in mos:
importance:	Undecided → Medium
status:	New → Confirmed

Alexander Makarov (amakarov) on 2014-12-02

Changed in mos:
milestone:	6.0 → 6.0.1

Revision history for this message

Alexander Makarov (amakarov) wrote on 2014-12-04:

#1

First of all: this is not a token revocation issue.
Bug occurs on assignment deletion.

Changed in mos:
assignee:	MOS Keystone (mos-keystone) → Alexander Makarov (amakarov)
status:	Confirmed → In Progress

Revision history for this message

Alexander Makarov (amakarov) wrote on 2014-12-04:

#2

https://review.openstack.org/#/c/59826/3 unrelated here

Revision history for this message

Alexander Makarov (amakarov) wrote on 2014-12-04:

#3

The problem appeared in Horizon's attempt to perform admin action just after removal admin role from the user.

Changed in mos:
status:	In Progress → Invalid

Revision history for this message

Alexander Makarov (amakarov) wrote on 2014-12-04:

#4

Issue is not resolved: token revocation still cause errors.

Changed in mos:
status:	Invalid → Confirmed

Dmitry Mescheryakov (dmitrymex) on 2014-12-23

Changed in mos:
status:	Confirmed → Won't Fix

Revision history for this message

Alexander Makarov (amakarov) wrote on 2015-01-30:

#5

This will be resolved along with https://bugs.launchpad.net/keystone/+bug/1402760

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-04-15: Fix proposed to openstack/keystone (openstack-ci/fuel-6.1/2014.2)

#6

Fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Change author: Alexander Makarov <email address hidden>
Review: https://review.fuel-infra.org/5776

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-04-15:

#7

Fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Change author: Alexander Makarov <email address hidden>
Review: https://review.fuel-infra.org/5777

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-04-15: Change abandoned on openstack/keystone (openstack-ci/fuel-6.1/2014.2)

#8

Change abandoned by Alexander Makarov <email address hidden> on branch: openstack-ci/fuel-6.1/2014.2
Review: https://review.fuel-infra.org/5776
Reason: In favor of 5776 which has the same ChangeId as the upstream patch

Changed in mos:
status:	In Progress → New

Alexander Makarov (amakarov) on 2015-04-16

Changed in mos:
status:	New → Fix Committed

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-06-22: Fix proposed to openstack/keystone (openstack-ci/fuel-7.0/2015.1.0)

#9

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Alexander Makarov <email address hidden>
Review: https://review.fuel-infra.org/8185

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-07-22: Change abandoned on openstack/keystone (openstack-ci/fuel-7.0/2015.1.0)

#10

Change abandoned by Alexander Makarov <email address hidden> on branch: openstack-ci/fuel-7.0/2015.1.0
Review: https://review.fuel-infra.org/8185

Revision history for this message

Oleksiy Butenko (obutenko) wrote on 2015-09-29:

#12

Verified on MOS ISO 7.0 301
{"build_id": "301", "build_number": "301", "release_versions": {"2015.1.0-7.0": {"VERSION": {"build_id": "301", "build_number": "301", "api": "1.0", "fuel-library_sha": "5d50055aeca1dd0dc53b43825dc4c8f7780be9dd", "nailgun_sha": "4162b0c15adb425b37608c787944d1983f543aa8", "feature_groups": ["mirantis"], "fuel-nailgun-agent_sha": "d7027952870a35db8dc52f185bb1158cdd3d1ebd", "openstack_version": "2015.1.0-7.0", "fuel-agent_sha": "50e90af6e3d560e9085ff71d2950cfbcca91af67", "production": "docker", "python-fuelclient_sha": "486bde57cda1badb68f915f66c61b544108606f3", "astute_sha": "6c5b73f93e24cc781c809db9159927655ced5012", "fuel-ostf_sha": "2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c", "release": "7.0", "fuelmain_sha": "a65d453215edb0284a2e4761be7a156bb5627677"}}}, "auth_required": true, "api": "1.0", "fuel-library_sha": "5d50055aeca1dd0dc53b43825dc4c8f7780be9dd", "nailgun_sha": "4162b0c15adb425b37608c787944d1983f543aa8", "feature_groups": ["mirantis"], "fuel-nailgun-agent_sha": "d7027952870a35db8dc52f185bb1158cdd3d1ebd", "openstack_version": "2015.1.0-7.0", "fuel-agent_sha": "50e90af6e3d560e9085ff71d2950cfbcca91af67", "production": "docker", "python-fuelclient_sha": "486bde57cda1badb68f915f66c61b544108606f3", "astute_sha": "6c5b73f93e24cc781c809db9159927655ced5012", "fuel-ostf_sha": "2cd967dccd66cfc3a0abd6af9f31e5b4d150a11c", "release": "7.0", "fuelmain_sha": "a65d453215edb0284a2e4761be7a156bb5627677"}

Revision history for this message

Denis Meltsaykin (dmeltsaykin) wrote on 2016-02-09:

#13

It turns out that the fix didn't make it into 7.0GA, because of unknown reasons.

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2016-02-09: Fix proposed to openstack/keystone (openstack-ci/fuel-7.0/2015.1.0)

#14

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Alexander Makarov <email address hidden>
Review: https://review.fuel-infra.org/16806

Revision history for this message

Alexander Makarov (amakarov) wrote on 2016-02-09:

#15

I've missed upstream/downstream release sequence and forgotten to cherry-pick the patch to stable/kilo in time.

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2016-02-10: Change abandoned on openstack/keystone (openstack-ci/fuel-7.0/2015.1.0)

#16

Change abandoned by Denis V. Meltsaykin <email address hidden> on branch: openstack-ci/fuel-7.0/2015.1.0
Review: https://review.fuel-infra.org/16806
Reason: Abandoned in favor of https://review.fuel-infra.org/#/c/16788

Revision history for this message

Denis Meltsaykin (dmeltsaykin) wrote on 2016-02-29:

#17

Closing this as Won't Fix as it is being fixed and tracked in https://bugs.launchpad.net/mos/+bug/1386696

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.