diff options
Diffstat (limited to 'releasenotes/notes/bug-1873290-ff7f8e4cee15b75a.yaml')
| -rw-r--r-- | releasenotes/notes/bug-1873290-ff7f8e4cee15b75a.yaml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/releasenotes/notes/bug-1873290-ff7f8e4cee15b75a.yaml b/releasenotes/notes/bug-1873290-ff7f8e4cee15b75a.yaml new file mode 100644 index 000000000..ad35a3047 --- /dev/null +++ b/releasenotes/notes/bug-1873290-ff7f8e4cee15b75a.yaml @@ -0,0 +1,19 @@ +--- +security: + - | + [`bug 1873290 <https://bugs.launchpad.net/keystone/+bug/1873290>`_] + [`bug 1872735 <https://bugs.launchpad.net/keystone/+bug/1872735>`_] + Fixed the token model to respect the roles authorized OAuth1 access tokens. + Previously, the list of roles authorized for an OAuth1 access token were + ignored, so when an access token was used to request a keystone token, the + keystone token would contain every role assignment the creator had for the + project. This also fixed EC2 credentials to respect those roles as well. +fixes: + - | + [`bug 1873290 <https://bugs.launchpad.net/keystone/+bug/1873290>`_] + [`bug 1872735 <https://bugs.launchpad.net/keystone/+bug/1872735>`_] + Fixed the token model to respect the roles authorized OAuth1 access tokens. + Previously, the list of roles authorized for an OAuth1 access token were + ignored, so when an access token was used to request a keystone token, the + keystone token would contain every role assignment the creator had for the + project. This also fixed EC2 credentials to respect those roles as well. |