openstack
/
keystone
Code Issues Proposed changes
keystone/keystone
History
“Richard df721d05bf Don't invalidate all user tokens of roleless group 
As discussed in [1], deleting a group invalidates all user tokens
which can flood the revocation event table if the deleted group
contained thousands of users in the group. This happens regardless
of whether the group had any role assignment or not. This patch makes
it so that only groups that had role assignments to a project or
domain can then invalidate user tokens, otherwise there is no need
to revoke each user token because the group was not assigned any form
of authorization to begin with.

[1]: https://bugs.launchpad.net/keystone/+bug/1268751

Related-Bug: #1268751

Change-Id: I22ad364cb4737df3ed086f78310f75f3099ab4c1
 		2016-11-29 04:28:45 +00:00
..
assignment Send the identity.deleted.role_assignment after the deletion 2016-11-28 01:18:10 -05:00
auth Allow fetching an expired token 2016-11-28 04:07:26 +00:00
catalog Merge "Replace tenant with project for keystone catalog" 2016-11-14 14:30:29 +00:00
cmd Merge "Doctor ldap check fix for config files" 2016-11-10 00:27:07 +00:00
common Merge "ignore deprecation warning for .encrypt()" 2016-11-28 14:54:31 +00:00
conf Allow fetching an expired token 2016-11-28 04:07:26 +00:00
contrib Remove metadata from token provider 2016-11-20 12:44:45 +00:00
credential log.error use _ of i18n 2016-10-25 10:35:43 +08:00
endpoint_policy Merge "Create unit tests for endpoint policy drivers" 2016-11-10 13:45:23 +00:00
federation Pass a request to controllers instead of a context 2016-10-29 21:19:08 +08:00
identity Don't invalidate all user tokens of roleless group 2016-11-29 04:28:45 +00:00
locale Imported Translations from Zanata 2016-10-15 06:59:46 +00:00
middleware Merge "Add is_admin_project to policy dict" 2016-10-14 15:59:07 +00:00
models Remove unused statements in matches 2016-11-21 19:11:49 +00:00
oauth1 Merge "Pass initiator to Manager as a kwarg" 2016-10-09 02:57:43 +00:00
policy Merge "Pass initiator to Manager as a kwarg" 2016-10-09 02:57:43 +00:00
resource Merge "Remove unused arg(project and initiator)" 2016-10-15 08:45:49 +00:00
revoke Improve check_token validation performance 2016-10-13 15:39:54 +00:00
server Implement encryption of credentials at rest 2016-09-02 04:25:49 +00:00
tests Don't invalidate all user tokens of roleless group 2016-11-29 04:28:45 +00:00
token Allow fetching an expired token 2016-11-28 04:07:26 +00:00
trust Remove eventlet-related call to sleep 2016-11-24 12:43:18 +00:00
v2_crud Verbose 401/403 debug responses 2016-11-21 14:11:52 +00:00
version remove deprecated `[endpoint_policy] enable` option 2016-10-07 20:12:28 +00:00
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
i18n.py Change oslo.i18n to oslo_i18n 2015-02-09 18:10:07 -06:00
notifications.py Move audit initiator creation to request 2016-10-05 11:42:03 +11:00