[Openstack-security] [Bug 1430951] Re: Revocation causes duplicate events in revocation table
Dolph Mathews
1430951 at bugs.launchpad.net
Wed Mar 18 21:06:38 UTC 2015
Both of those additional defects sound like intended behavior: the user
had a reduction in authorization and thus a revocation event was
emitted. Trying to be more granular than that is the performance
nightmare that we see with token persistence and the token revocation
*list*.
** Tags added: security
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1430951
Title:
Revocation causes duplicate (and overly broad?) events in revocation
table
Status in OpenStack Identity (Keystone):
Triaged
Bug description:
Revoke a project scoped token
You see 3 entries in revocation_event table
1) (id, user_id, project_id, role_id, issued_before)
2) (id, user_id,, issued_before)
3) (id, user_id,, issued_before)
2 & 3 are redundant. Definitely 3) is redundant as it is same as 2)
BTW, this from master branch as of 3/11/2015
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1430951/+subscriptions
More information about the Openstack-security
mailing list