Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

We can get the same result without a token in the HTTP header.

Eg:

without a token

jason@ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    72  100    72    0     0    308      0 --:--:-- --:--:-- --:--:--   346
{
    "roles": [
        {
            "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
            "name": "admin"
        }
    ]
}

with token

jason@ubuntu:~/project/keystone$ curl -H "X-Auth-Token:ecab59a3f4e2468b9934c24f8660a809" http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    72  100    72    0     0    242      0 --:--:-- --:--:-- --:--:--   270
{
    "roles": [
        {
            "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
            "name": "admin"
        }
    ]
}

What we expect:

without a token

jason@ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   116  100   116    0     0    848      0 --:--:-- --:--:-- --:--:--  1026
{
    "error": {
        "code": 401,
        "message": "The request you have made requires authentication.",
        "title": "Not Authorized"
    }
}
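To show what the missing check looks like and how a regression test for it can be written, here is a small added example (not Keystone's own code and not the attached diff): a handler that returns roles regardless of the token, the same handler wrapped in a hypothetical `protected` decorator that validates X-Auth-Token first, and a `call` helper that dispatches requests the way the curl commands above do. The token store and role map are constructed from the IDs in the report.

```python
from functools import wraps

# Constructed sample data using the IDs from the report. In a real
# deployment these come from the token backend and the identity store.
ADMIN_TOKEN = "ecab59a3f4e2468b9934c24f8660a809"
TENANT_ID = "1f73672bf2184a909abc8fe67e7a537d"
USER_ID = "b84f6dbb6d7b4130a8a9e9298ec96164"
VALID_TOKENS = {ADMIN_TOKEN: {"is_admin": True}}
USER_ROLES = {
    (TENANT_ID, USER_ID): [
        {"id": "06906f69ffd44ad0b9fc86d1c3d1bcbd", "name": "admin"}
    ],
}

# The response body the report says an admin endpoint must return
# when no valid token is presented.
NOT_AUTHORIZED = (401, {"error": {
    "code": 401,
    "message": "The request you have made requires authentication.",
    "title": "Not Authorized",
}})


def protected(handler):
    """Hypothetical decorator: reject the request unless X-Auth-Token
    names a valid admin token. This is exactly the check the
    unprotected handler below is missing."""
    @wraps(handler)
    def wrapper(headers, *args):
        token = VALID_TOKENS.get(headers.get("X-Auth-Token", ""))
        if token is None or not token.get("is_admin"):
            return NOT_AUTHORIZED
        return handler(headers, *args)
    return wrapper


def get_user_roles_unprotected(headers, tenant_id, user_id):
    """Behaviour in the report: roles are returned whatever the token."""
    return 200, {"roles": USER_ROLES.get((tenant_id, user_id), [])}


@protected
def get_user_roles(headers, tenant_id, user_id):
    """Hardened handler: same body, but only after the token check."""
    return get_user_roles_unprotected(headers, tenant_id, user_id)


def call(handler, tenant_id, user_id, token=None):
    """Dispatch like the curl commands above; returns (status, body)."""
    headers = {"X-Auth-Token": token} if token else {}
    return handler(headers, tenant_id, user_id)
```

A regression test for the bug is then one line: the protected handler must answer 401 when `call` is made without a token, and 200 with the admin roles when the valid token is supplied.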
Attached is a diff of the changes.