Public bug reported:
Since we can't assign a project a role from a different domain, it is
expected to not create implied roles from different domains as well. For
example:
* user1
* project1 - domainA
* role1 - domainA
* role2 - domainB
* create an assignment: user1/project1/role1
If we create a rule where role1 implies role2, we would bypass the
domain restriction.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1657865
Title:
It is possible to create cross domain implied roles
Status in OpenStack Identity (keystone):
New
Bug description:
Since we can't assign a project a role from a different domain, it is
expected to not create implied roles from different domains as well.
For example:
* user1
* project1 - domainA
* role1 - domainA
* role2 - domainB
* create an assignment: user1/project1/role1
If we create a rule where role1 implies role2, we would bypass the
domain restriction.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1657865/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
