List role assignments by role ID may leak extra system assignments outside of filter
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | Undecided | Colleen Murphy | |
Bug Description
If there are multiple role assignments on the system and some of the assignments use different roles, it's possible for the /v3/role_
> curl -H "x-auth-token: $token" http://
{
"role_
{
"links": {
},
"scope": {
"domain": {
"id": "default"
}
},
"user": {
"id": "3cb997afc0ee40
},
"role": {
"id": "06918d98646d45
}
},
{
"links": {
},
"scope": {
"system": {
"all": true
}
},
"user": {
"id": "3cb997afc0ee40
},
"role": {
"id": "06918d98646d45
}
},
{
"links": {
},
"scope": {
"system": {
"all": true
}
},
"user": {
"id": "5ee04ef91dc34c
},
"role": {
"id": "eefef753f4734d
}
},
{
"links": {
},
"scope": {
"system": {
"all": true
}
},
"user": {
"id": "ac265ddf2d0449
},
"role": {
"id": "6832b2d3d5254f
}
}
],
"links": {
"next": null,
"self": "http://
"previous": null
}
}
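A check for the behaviour described in this report, added here as an example and not part of the original report or of keystone's code: it audits a role-assignment listing against the role ID the caller filtered by and reports every entry that falls outside the filter. The sample body is constructed to mirror the shape of the response above; all IDs are placeholders, and `find_leaked_assignments` and `scope_type` are hypothetical helper names.

```python
import json

# Constructed sample shaped like the response in the report (placeholder IDs).
# The listing is assumed to have been requested with a filter on role "role-1".
SAMPLE_RESPONSE = json.dumps({
    "role_assignments": [
        {"scope": {"domain": {"id": "default"}},
         "user": {"id": "user-a"}, "role": {"id": "role-1"}},
        {"scope": {"system": {"all": True}},
         "user": {"id": "user-a"}, "role": {"id": "role-1"}},
        {"scope": {"system": {"all": True}},
         "user": {"id": "user-b"}, "role": {"id": "role-2"}},
        {"scope": {"system": {"all": True}},
         "user": {"id": "user-c"}, "role": {"id": "role-3"}},
    ],
})


def scope_type(assignment):
    """Return 'system', 'domain', 'project' or 'unknown' for one assignment."""
    scope = assignment.get("scope", {})
    for kind in ("system", "domain", "project"):
        if kind in scope:
            return kind
    return "unknown"


def find_leaked_assignments(body, requested_role_id):
    """Return (scope_type, actor_id, role_id) for entries outside the filter."""
    leaked = []
    for assignment in json.loads(body).get("role_assignments", []):
        # A missing role ID is treated as a mismatch as well.
        role_id = assignment.get("role", {}).get("id")
        if role_id != requested_role_id:
            actor = assignment.get("user") or assignment.get("group") or {}
            leaked.append((scope_type(assignment), actor.get("id"), role_id))
    return leaked


if __name__ == "__main__":
    for kind, actor, role in find_leaked_assignments(SAMPLE_RESPONSE, "role-1"):
        print(f"leak: {kind}-scoped assignment for {actor} has role {role}")
```

An empty result means the listing honoured the filter; any `system` entries in the result match the symptom reported here.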
Fix proposed to branch: master
Review: https://review.opendev.org/700826