OpenStack Identity (keystone)

  1. Bug #1233874
  2. Activity log

Activity log for bug #1233874

Date Who What changed Old value New value Message
2013-10-01 22:20:50 Arvind Tiwari bug added bug
2013-10-01 22:21:09 Arvind Tiwari keystone: assignee Arvind Tiwari (arvind-tiwari)
2013-10-03 21:31:22 Dolph Mathews keystone: importance Undecided Wishlist
2013-10-15 21:27:19 OpenStack Infra keystone: status New In Progress
2013-10-15 23:35:16 Dolph Mathews description As part of fix1186059 we have added user_id from "x-subject-token" to the API target and that is good to introduce a notion of token owner in policy. https://review.openstack.org/#/c/46123/21/keystone/common/controller.py Only user_id in the target is not sufficient to define a policy rule like "role:admin and domain_id:%(target.entity.domain_id)s" (admin role from token owner's domain) We need to introduce domain_id in policy_dict so that above mentioned rule can be defined. As a fix for bug 1186059 we have added user_id from "x-subject-token" to the API target and that is good to introduce a notion of token owner in policy. https://review.openstack.org/#/c/46123/21/keystone/common/controller.py Only user_id in the target is not sufficient to define a policy rule like "role:admin and domain_id:%(target.entity.domain_id)s" (admin role from token owner's domain) We need to introduce domain_id in policy_dict so that above mentioned rule can be defined.
2013-12-17 05:31:19 OpenStack Infra keystone: status In Progress Fix Committed
2014-01-22 15:47:12 Thierry Carrez keystone: status Fix Committed Fix Released
2014-01-22 15:47:12 Thierry Carrez keystone: milestone icehouse-2
2014-04-17 07:59:43 Thierry Carrez keystone: milestone icehouse-2 2014.1