Empty mapping engine white/black lists should be treated differently than lack of them.
Bug #1434653 reported by Marek Denis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | Low | Marek Denis | |
Bug Description
Keystone mapping engine should correctly distinguish between empty black/whitelists and lack of them in the mapping rules.
Today, a mapping rule with
{
"local": [....],
"remote": [
{
}
]
}
will pass all the values conveyed under the parameter "x", whereas it should block (whitelist 0 elements) all the elements.
Since the mapping engine rules are about the groups/roles assigned to the user, it's extremely important to make the rules logic as strict as possible.
Changed in keystone: assignee: nobody → Marek Denis (marek-denis)
Changed in keystone: status: New → In Progress
Changed in keystone: importance: Undecided → Low
Changed in keystone: milestone: none → kilo-rc1
Changed in keystone: status: Fix Committed → Fix Released
Changed in keystone: milestone: kilo-rc1 → 2015.1.0
Reviewed: https://review.openstack.org/164798
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=19190d6518934699f184539e28b4af638ca430ed
Submitter: Jenkins
Branch: master
commit 19190d6518934699f184539e28b4af638ca430ed
Author: Adam Young <email address hidden>
Date: Mon Mar 16 13:34:59 2015 -0400
Distinguish between unset and empty black and white lists
With this patch the matching logic is as follows:
*) No whitelist specified - accept all values
*) Empty whitelist specified - discard all values
*) No blacklist specified - accept all values
*) Empty blacklist specified - accept all values
Closes-Bug: #1434653
Change-Id: I572d5044b749188b467feb53c6fad65d0626526a
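
The four cases listed in the commit message, next to the behaviour the bug describes, as an added example (this is not keystone's code). The function names and the sample values are hypothetical, and the `type`, `whitelist` and `blacklist` keys are assumed to follow the mapping-rule format.

```python
# Added illustration, not keystone's source. Function names are hypothetical;
# the "type", "whitelist" and "blacklist" keys are assumed rule keys.

def filter_truthy(values, requirement):
    """Model of the reported behaviour: a truthiness test cannot tell an
    empty list from a missing key, so "whitelist": [] filters nothing."""
    whitelist = requirement.get("whitelist")
    blacklist = requirement.get("blacklist")
    if whitelist:
        values = [v for v in values if v in whitelist]
    if blacklist:
        values = [v for v in values if v not in blacklist]
    return values


def filter_strict(values, requirement):
    """The four cases from the commit message: only a missing key (None)
    skips the filter; an empty whitelist discards every value."""
    whitelist = requirement.get("whitelist")
    blacklist = requirement.get("blacklist")
    if whitelist is not None:
        values = [v for v in values if v in whitelist]
    if blacklist is not None:
        values = [v for v in values if v not in blacklist]
    return values


# Constructed sample: values an identity provider asserted for attribute "x".
ASSERTED = ["admins", "devs", "guests"]

CASES = {
    "no whitelist": {"type": "x"},
    "empty whitelist": {"type": "x", "whitelist": []},
    "no blacklist": {"type": "x"},
    "empty blacklist": {"type": "x", "blacklist": []},
    "whitelist of one": {"type": "x", "whitelist": ["devs"]},
}

if __name__ == "__main__":
    for name, requirement in CASES.items():
        print(f"{name:17} truthy={filter_truthy(ASSERTED, requirement)} "
              f"strict={filter_strict(ASSERTED, requirement)}")
```

Only the "empty whitelist" case differs between the two functions, which is the case where a rule author meant to grant nothing.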