Flask doesn't normalize domains sanely in some cases
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Critical
|
Morgan Fainberg |
Bug Description
Under webob, domain normalization (for creation of some resources) resulted in a few possible options:
* Domain ID present in ref -> no change to ref
* Domain ID not present, domain scoped token ->
ref[
* Domain ID not present, "admin" token -> raise ValidationError
* Domain ID not present, project scoped token -> default domain
[Deprecated functionality]
Under flask, only the first scenario worked. Keystone, Tempest, and Heat all only test for actual explicit domain id specified on creation (groups notably). Shade/SDK tests a broader form and caught this error[0][1] (reported by Monty Taylor)
[0] http://
[1] http://
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Critical |
assignee: | nobody → Morgan Fainberg (mdrnstm) |
milestone: | none → stein-1 |
Fix proposed to branch: master /review. openstack. org/603239
Review: https:/