*** This bug is a duplicate of bug 1403539 *** https://bugs.launchpad.net/bugs/1403539
I'm closing this defect, since it is essentially a duplicate of https://bugs.launchpad.net/keystone/+bug/1403539. Please re-open if you think there is a distinct defect here. ** This bug has been marked a duplicate of bug 1403539 Can't create both inherited and direct role assignment on same entities -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1484577 Title: OS-INHERIT does not seem to work for users but works for groups Status in OpenStack Identity (keystone): Triaged Bug description: Using Kilo, I'm following thehttp://specs.openstack.org/openstack /keystone-specs/api/v3/identity-api-v3-os-inherit-ext.html#what-s-new- in-version-1-1 instructions to experiment with role inheritances on projects of a domain. (not dealing with subprojects just yet). I'm having some problem getting OS-INHERIT to work when the target of the assignment is a user. It works if the target is a group. I'm able to PUT a project role inheritance record but not get it back: PUT: /v3/OS-INHERIT/ domains/288b1c4d3f7b43a4b8708016d9ae3ec5/ users/257cc461fde84f8aac1af1b42a7314f2/ roles/daa86839ba154426ad34a95975d2d188/inherited_to_projects (side note: I noticed though that it validates domain, roles, but not user. The PUT succeeds if I put an invalid user.) HEAD on the same path above returns 404. Also, this: GET: /v3/OS-INHERIT/ domains/288b1c4d3f7b43a4b8708016d9ae3ec5/ users/257cc461fde84f8aac1af1b42a7314f2/ roles/inherited_to_projects returns 200, but an empty list of roles. So somehow, the PUT doesn't stick, I'm not sure why. Consequently, I'm also not able to get a project token with expected roles from the domain etc. Interestingly, this works with groups. In other words, if I do a: PUT: /v3/OS-INHERIT/ domains/d groups/g/ roles/x then, a user from that group g can get a project scoped token with role x in any project of domain d. It doesn't seem to be working when using the inherited grant on users directly? To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1484577/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp