OpenStack Identity (keystone)

  1. Bug #1201487
  2. Comment #2

Comment 2 for bug 1201487

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/45584
Committed: http://github.com/openstack/keystone/commit/fb6b5eba634788ce8976cee798cfcc4330f0570a
Submitter: Jenkins
Branch: master

commit fb6b5eba634788ce8976cee798cfcc4330f0570a
Author: Henry Nash <email address hidden>
Date: Sun Sep 8 21:07:07 2013 +0100

    Rationalize list_user_projects and get_projects_for_user

    These two functions have slightly different implementations and yet neither
    takes into account group or inherited roles. Rationalize these into a single
    list_projects_for_user() that gets the correct list of project refs, allowing
    for group and inherited roles. The public API name, as referenced in the
    policy file, remains as 'list_user_projects' to avoid a policy file change
    at this late stage.

    The most common use cases of the above is via the v2 API, when we need
    to ensure only projects from the default domain are included. Given that
    this means we must inspect each project ref anyway, having a call that
    returns a list of IDs will not be any more efficient than returning the
    project refs and letting the caller extract the IDs.

    Fixes bug #1201487

    Change-Id: I614140639c71dae4dfe501d27eda65e41a78694d