Rationalize how user roles are obtained at authentication time
The auth/token controllers have different strategies of obtaining the list of user project/domain roles at authentication time - with varied use of the optional project id available in the identity driver authenticate call. Only the v2 authenticate_local uses this feature, the others (external and token) and all v3 read the roles for the project after authenticating with just the user details. Further the v2 code builds the roles lists by hand (allowing for groups), while the v3 version calls the "get_user_
We should rationalize this - and always just authenticate for the user and then call the "get_user_
Blueprint information
- Status:
- Complete
- Approver:
- Henry Nash
- Priority:
- Medium
- Drafter:
- Henry Nash
- Direction:
- Needs approval
- Assignee:
- Henry Nash
- Definition:
- Approved
- Series goal:
- Accepted for havana
- Implementation:
- Implemented
- Milestone target:
- 2013.2
- Started by
- Henry Nash
- Completed by
- Henry Nash
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Rationalize how we get roles after authentication in the controllers