** Changed in: keystone/kilo Status: Fix Committed => Fix Released
-- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1401926 Title: Role revocation invalidates tokens on all user projects Status in OpenStack Identity (keystone): Fix Released Status in OpenStack Identity (keystone) kilo series: Fix Released Bug description: Keystone invalidates every token for a user after changing its roles within one project. This was reported by Horizon team, here are related bugs: - https://bugs.launchpad.net/mos/+bug/1393732 - https://bugs.launchpad.net/horizon/+bug/1252341 After some debugging I discovered, that it looks like revocation extension bug: I added this test case to tests.test_v3_auth.TestTokenRevokeById http://paste.openstack.org/show/149939/ It assigns role to user on 2 different project, authorizes user on those projects, revokes the role from one of the projects. Token to the other, "intact" project, seizes to validate. Further investigation gave me that token is not deleted, but a revocation event created matching both tokens. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1401926/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp