Users with an unscoped project token are authorized to list and create designate domains. Based on the policy file, this should not be allowed.
If a user gets a token that is not scoped to a project, that user is able to list and create designate domains.
I would expect that only tokens scoped to a tenant with the required role should be authorized to successfully make the create and get domain calls.
For example:

POST https://KEYSTONE_ENDPOINT:35357/v2.0/tokens HTTP/1.1
Connection: close
Content-Type: application/json
Content-Length: 150

{
    "auth": {
        "passwordCredentials": {
            "username": "testUserName",
            "password": "password"
        }
    }
}

Response:

{"access": {
    "token": {
        "issued_at": "2015-05-29T19:12:41.885602",
        "expires": "2015-05-29T21:12:41Z",
        "id": "a2ce8e93ac6b43d0b0e84fd07863a8b9",
        "audit_ids": ["zus4wLUbSK6mjF6cTe_R9Q"]
    },
    ...
Create domain

POST https://DESIGNATE_ENDPOINT:9001/v1/domains HTTP/1.1
Connection: close
X-Auth-Token: a2ce8e93ac6b43d0b0e84fd07863a8b9
Content-Type: application/json
Content-Length: 85

{
    "name": "test-tc21abc.org.",
    "ttl": 3600,
    "email": "<email address hidden>"
}

Response:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 248
Location: http://DESIGNATE_ENDPOINT:9001/v1/domains/6e1f4190-9901-488b-a9f4-489bf1030067
X-Openstack-Request-Id: req-22ee36ba-f5db-4c9f-b26c-732a39bdca85
Date: Fri, 29 May 2015 19:12:43 GMT
Connection: close

{
    "created_at": "2015-05-29T19:12:43.000000",
    "description": null,
    "email": "<email address hidden>",
    "id": "6e1f4190-9901-488b-a9f4-489bf1030067",
    "name": "test-tc21abc.org.",
    "serial": 1432926762,
    "ttl": 3600,
    "updated_at": null
}
Get domains

GET https://DESIGNATE_ENDPOINT:9001/v1/domains HTTP/1.1
Connection: close
X-Auth-Token: a2ce8e93ac6b43d0b0e84fd07863a8b9

Response:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 311
X-Openstack-Request-Id: req-0f8cea71-05d0-43f1-954d-c2d6d014900c
Date: Fri, 29 May 2015 19:12:43 GMT
Connection: close

{
    "domains": [
        {
            "created_at": "2015-05-29T19:12:43.000000",
            "description": null,
            "email": "<email address hidden>",
            "id": "6e1f4190-9901-488b-a9f4-489bf1030067",
            "name": "test-tc21abc.org.",
            "serial": 1432926762,
            "ttl": 3600,
            "updated_at": null
        }
    ]
}
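As an added example (not part of the bug report and not Designate's own code), the following check implements the expectation stated in the report: a Keystone v2 token is project-scoped only when "access.token.tenant" is present, so an unscoped token is refused before any role rule is evaluated. The role names and the token/project ids are assumptions and placeholders, not values from the report.

```python
# Added example, not code from the bug report or from Designate itself: a
# scope-aware authorization check for the domain create/list calls, based on
# the Keystone v2 token structure shown in the report. A v2 token is
# project-scoped only when "access.token.tenant" is present; an unscoped
# token carries no tenant, so no project-level role can apply to it and the
# request is denied before any role rule is consulted.

# Assumed role set for the create_domain / get_domains policy rules.
REQUIRED_ROLES = frozenset({"admin", "Member"})


def token_project(keystone_response):
    """Return the project (tenant) id the token is scoped to, or None if unscoped."""
    tenant = keystone_response.get("access", {}).get("token", {}).get("tenant") or {}
    return tenant.get("id") or None


def authorize(keystone_response, required_roles=REQUIRED_ROLES):
    """Decide whether the token may create/get domains; returns (allowed, reason)."""
    project_id = token_project(keystone_response)
    if project_id is None:
        # The behaviour reported as a bug: this branch must never be allowed.
        return False, "token is not scoped to a project"
    roles = {r.get("name") for r in
             keystone_response.get("access", {}).get("user", {}).get("roles", [])}
    if not roles & required_roles:
        return False, "no required role in project %s" % project_id
    return True, "role granted in project %s" % project_id


# Constructed sample responses (placeholder ids, not real tokens).
UNSCOPED = {"access": {
    "token": {"id": "TOKEN_ID_PLACEHOLDER", "expires": "2015-05-29T21:12:41Z"},
    "user": {"name": "testUserName", "roles": [{"name": "Member"}]}}}

SCOPED = {"access": {
    "token": {"id": "TOKEN_ID_PLACEHOLDER", "expires": "2015-05-29T21:12:41Z",
              "tenant": {"id": "PROJECT_ID_PLACEHOLDER", "name": "demo"}},
    "user": {"name": "testUserName", "roles": [{"name": "Member"}]}}}

SCOPED_NO_ROLE = {"access": {
    "token": {"id": "TOKEN_ID_PLACEHOLDER",
              "tenant": {"id": "PROJECT_ID_PLACEHOLDER", "name": "demo"}},
    "user": {"name": "testUserName", "roles": []}}}

if __name__ == "__main__":
    for label, resp in (("unscoped", UNSCOPED), ("scoped", SCOPED),
                        ("scoped, no role", SCOPED_NO_ROLE)):
        print(label, authorize(resp))
```

The unscoped sample deliberately carries a role entry so that the scope check, not the role check, is what rejects it.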