a normal user can get other user's ec2credential
Bug #1417366 reported by
wanghong
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
wanghong |
Bug Description
https:/
Note that owner is only check if the user owns the passed token. In fact, we should also check if the user owns the credential. The correct policy should be the one ec2_delete_
https:/
Changed in keystone: | |
assignee: | nobody → wanghong (w-wanghong) |
Changed in keystone: | |
milestone: | none → kilo-rc1 |
Changed in keystone: | |
importance: | Undecided → High |
importance: | High → Medium |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | kilo-rc1 → 2015.1.0 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/152444
Review: https:/