domain admin token will be treated as cloud admin
Bug #1651989 reported by Henry Nash
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Fix Released | High | Henry Nash |
OpenStack Keystone Charm | Fix Released | High | Frode Nordahl |
keystone (Juju Charms Collection) | Invalid | High | Frode Nordahl |
Bug Description
The new capability of is_admin_project is currently only supported for projects. However, the existing code for token models will return is_admin_project as True if the attribute has not been set. Hence admin domain tokens might get interpreted as cloud admin tokens. This is currently masked by a bug in our policy samples that do not correctly check for is_admin_project.
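The defect described above, as an added example that is not part of the original report and is not keystone's code: a simplified token model where a missing `is_admin_project` reads as True, next to a stricter reader. All function names, the token dictionaries and the strict behaviour are assumptions made for illustration.

```python
# Simplified model of the reported defect. Function names are hypothetical
# and the token dictionaries below are constructed sample data.


def is_admin_project_lenient(token):
    """Behaviour described in the report: an unset attribute reads as True."""
    return token.get("is_admin_project", True)


def is_admin_project_strict(token):
    """Assumed hardening: only a project-scoped token can carry the flag."""
    if "project" not in token:
        # Domain-scoped (or unscoped) token: never an admin-project token.
        return False
    return token.get("is_admin_project", True)


def is_cloud_admin(token, flag_reader):
    """Policy rule modelled as: role:admin and is_admin_project:True."""
    return "admin" in token.get("roles", []) and flag_reader(token) is True


def audit(tokens, flag_reader):
    """Return the names of tokens the rule would treat as cloud admin."""
    return sorted(
        name for name, tok in tokens.items() if is_cloud_admin(tok, flag_reader)
    )


# Constructed tokens: two project-scoped, two domain-scoped.
SAMPLE_TOKENS = {
    "admin-project": {"roles": ["admin"], "project": {"id": "p-admin"},
                      "is_admin_project": True},
    "tenant-project": {"roles": ["admin"], "project": {"id": "p-tenant"},
                       "is_admin_project": False},
    "domain-admin": {"roles": ["admin"], "domain": {"id": "d-customer"}},
    "domain-member": {"roles": ["member"], "domain": {"id": "d-customer"}},
}

if __name__ == "__main__":
    print("lenient:", audit(SAMPLE_TOKENS, is_admin_project_lenient))
    print("strict: ", audit(SAMPLE_TOKENS, is_admin_project_strict))
```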
Related branches
lp:~fnordahl/charm-helpers/bug-1651989
- Liam Young (community): Approve
- Diff: 96 lines (+48/-18), 1 file modified: charmhelpers/contrib/openstack/amulet/utils.py (+48/-18)
Changed in keystone:
assignee: nobody → Henry Nash (henry-nash)
status: New → In Progress
Changed in keystone:
assignee: Henry Nash (henry-nash) → Steve Martinelli (stevemar)
Changed in keystone:
milestone: none → ocata-3
Changed in keystone:
assignee: Steve Martinelli (stevemar) → Henry Nash (henry-nash)
Changed in keystone (Juju Charms Collection):
status: New → Triaged
importance: Undecided → High
milestone: none → 17.01
Changed in keystone (Juju Charms Collection):
assignee: nobody → Frode Nordahl (fnordahl)
tags: added: sts
tags: added: openstack
Changed in charm-keystone:
assignee: nobody → Frode Nordahl (fnordahl)
importance: Undecided → High
status: New → Fix Committed
Changed in keystone (Juju Charms Collection):
status: Fix Committed → Invalid
Changed in charm-keystone:
milestone: none → 17.02
Changed in charm-keystone:
status: Fix Committed → Fix Released
Marking as High importance as it is a security issue.