Comment 14 for bug 988920

Dolph Mathews (dolph) wrote : Re: Token authentication for a user in a disabled tenant does not raise Unauthorized error

Russell: It's exactly as you describe.

In this case, authentication succeeds as expected, but authorization should fail (disabling the tenant should break the user-tenant authorization relationship).

Once the token is established with authorization on the tenant, keystone would respond 200 OK to token validation requests from other OpenStack services, allowing the user to work with the tenant's resources -- probably not what the admin had in mind when disabling the tenant!
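The failure mode described in this comment, as a minimal model added for illustration (not keystone's code and not part of the original comment): token issuance that checks only tenant membership, beside issuance and validation that also require the tenant to be enabled. All names (`issue_token`, `validate_token`, `tenant_authorized`, the in-memory stores) and the sample data are hypothetical.

```python
import hmac
import time
import uuid

# Constructed sample data: one user with a role on one tenant.
TENANTS = {"t1": {"name": "demo", "enabled": True}}
USERS = {"alice": {"password": "s3cret", "enabled": True, "tenants": {"t1"}}}
TOKENS = {}  # token id -> (user, tenant id, expiry timestamp)


def tenant_authorized(user, tenant_id):
    """Authorization: the user has the tenant AND the tenant is enabled."""
    tenant = TENANTS.get(tenant_id)
    return bool(tenant and tenant["enabled"]
                and tenant_id in USERS[user]["tenants"])


def issue_token(user, password, tenant_id, enforce_tenant_state=True, ttl=3600):
    """Return a tenant-scoped token id, or None if authn or authz fails."""
    u = USERS.get(user)
    if not u or not u["enabled"]:
        return None
    if not hmac.compare_digest(u["password"], password):
        return None  # authentication failed
    if enforce_tenant_state:
        allowed = tenant_authorized(user, tenant_id)
    else:
        # Flawed path: membership only, the tenant's 'enabled' flag is ignored.
        allowed = tenant_id in u["tenants"]
    if not allowed:
        return None  # authorization on the tenant failed
    token_id = uuid.uuid4().hex
    TOKENS[token_id] = (user, tenant_id, time.time() + ttl)
    return token_id


def validate_token(token_id, enforce_tenant_state=True):
    """Status a service would receive when validating the token: 200 or 401."""
    entry = TOKENS.get(token_id)
    if not entry or entry[2] <= time.time():
        return 401
    user, tenant_id, _ = entry
    # Re-check the relationship on every validation, so disabling a tenant
    # also cuts off tokens that were issued before it was disabled.
    if enforce_tenant_state and not tenant_authorized(user, tenant_id):
        return 401
    return 200
```

With `enforce_tenant_state=False` the model reproduces the reported behaviour: a token scoped to a disabled tenant is issued and then validates with 200.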