a normal user can get other user's ec2credential
Bug #1417366 reported by
wanghong
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
wanghong | ||
Bug Description
https:/
Note that owner is only check if the user owns the passed token. In fact, we should also check if the user owns the credential. The correct policy should be the one ec2_delete_
https:/
| Changed in keystone: | |
| assignee: | nobody → wanghong (w-wanghong) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #1 |
| Changed in keystone: | |
| status: | New → In Progress |
| Changed in keystone: | |
| milestone: | none → kilo-rc1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #2 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| importance: | Undecided → High |
| importance: | High → Medium |
| Changed in keystone: | |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | kilo-rc1 → 2015.1.0 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/