Public bug reported: Today it is possible to define an implied role structure that is not a DAG. This will crash the Keystone server if a token iis requested that will pull in any of those roles.
While it might be impractical to prevent cycles in the creation, it is very possible to prevent the expansion from crashing the server. ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1536321 Title: cyclic dependencies in implied roles Status in OpenStack Identity (keystone): New Bug description: Today it is possible to define an implied role structure that is not a DAG. This will crash the Keystone server if a token iis requested that will pull in any of those roles. While it might be impractical to prevent cycles in the creation, it is very possible to prevent the expansion from crashing the server. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1536321/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp