openstack
/
keystone
Code Issues Proposed changes
keystone/keystone/identity
History
“Richard df721d05bf Don't invalidate all user tokens of roleless group 
As discussed in [1], deleting a group invalidates all user tokens
which can flood the revocation event table if the deleted group
contained thousands of users in the group. This happens regardless
of whether the group had any role assignment or not. This patch makes
it so that only groups that had role assignments to a project or
domain can then invalidate user tokens, otherwise there is no need
to revoke each user token because the group was not assigned any form
of authorization to begin with.

[1]: https://bugs.launchpad.net/keystone/+bug/1268751

Related-Bug: #1268751

Change-Id: I22ad364cb4737df3ed086f78310f75f3099ab4c1
 		2016-11-29 04:28:45 +00:00
..
backends Lockout ignore user list 2016-11-18 22:37:45 +00:00
id_generators Replace six iteration methods with standard ones 2016-09-08 18:56:31 +08:00
mapping_backends Merge "Faster id mapping lookup" 2016-11-01 00:08:36 +00:00
shadow_backends Remove stable driver interfaces 2016-09-28 17:18:37 +00:00
__init__.py Remove exposure of routers at package level 2015-12-03 15:06:56 -03:00
controllers.py Verbose 401/403 debug responses 2016-11-21 14:11:52 +00:00
core.py Don't invalidate all user tokens of roleless group 2016-11-29 04:28:45 +00:00
generator.py Replace keystone.common.config with keystone.conf package 2016-06-24 17:02:15 +00:00
routers.py Implement HEAD method for all v3 GET actions 2016-03-22 10:27:53 -07:00
schema.py Fix some typos in comments 2016-08-26 12:17:00 +02:00