Checking whether group has role assignment on domain without specifying a role ID result in HTTP 200
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Medium
|
Unassigned |
Bug Description
It should've been either 400 or 404. Steps to reproduce.
1. install a vanilla devstack
2. use "openstack group list" to find a group ID. Any group will do. i.e.
openstack group list
+------
| ID | Name |
+------
| 64e5dcd8dea0429
| 9ff3c6f47a03422
+------
3. get a token. i.e. "openstack token issue"
4. call the check group assignment on domain API using curl without specifying the role ID and you can see an HTTP 200 is returned. i.e.
curl -v --head -H 'X-Auth-Token: gAAAAABYtwwzxv9
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 80 (#0)
> HEAD /identity/
> Host: localhost
> User-Agent: curl/7.47.0
> Accept: */*
> X-Auth-Token: gAAAAABYtwwzxv9
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Wed, 01 Mar 2017 18:06:01 GMT
Date: Wed, 01 Mar 2017 18:06:01 GMT
< Server: Apache/2.4.18 (Ubuntu)
Server: Apache/2.4.18 (Ubuntu)
< Vary: X-Auth-Token
Vary: X-Auth-Token
< x-openstack-
x-openstack-
< Content-Length: 158
Content-Length: 158
< Content-Type: application/json
Content-Type: application/json
<
* Connection #0 to host localhost left intact
Changed in keystone: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Wouldn't that make the request list the roles for that group in that domain?
/v3/domains/ {domain_ id}/groups/ {group_ id}/roles /developer. openstack. org/api- ref/identity/ v3/index. html?expanded= list-role- assignments- for-group- on-domain- detail# list-role- assignments- for-group- on-domain
https:/