According to your steps, you grant a group role; as you said, the domain
admin won't be part of this group, so the behavior is correct. If you
want the domain admin to still have this role, you should grant the role
to the user and not just to the group.


** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1590805

Title:
  Revoking "admin" role from a group invalidates user token

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  Steps to reproduce

  1. Login as domain admin
  2. Create a new group and grant "admin" role to it.
  3. Group will be empty with no users added to it. (Domain admin won't be part of this group)
  4. Now revoke "admin" role from this group.
  5. Token for domain admin will be invalidated and he/she has to login again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1590805/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
