2013-05-31 00:38:03 |
Arvind Tiwari |
description |
It seems V3 Revoke token API is doing V2 style admin check even if the caller is authorized based on auth policy. The API call is landing at "keystone.token.controllers.delete_token" method which tries to do assert_admin(context) which will fail if the call is not a V2 type admin.
API: DELETE http://localhost:35358/v3/auth/tokens
Below is the block of code from keystone.token.controllers.delete_token which does assert_admin checks:
def delete_token(self, context, token_id):
    """Delete a token, effectively invalidating it for authz."""
    # TODO(termie): this stuff should probably be moved to middleware
    self.assert_admin(context)
    self.token_api.delete_token(context=context, token_id=token_id) |
V3 Revoke token API is doing V2 style admin check even if the caller is authorized based on auth policy. The API call is landing at "keystone.token.controllers.delete_token" method which tries to do assert_admin(context) which will fail if the call is not a V2 type admin.
API: DELETE http://localhost:35358/v3/auth/tokens
Below is the block of code from keystone.token.controllers.delete_token which does assert_admin checks:
def delete_token(self, context, token_id):
    """Delete a token, effectively invalidating it for authz."""
    # TODO(termie): this stuff should probably be moved to middleware
    self.assert_admin(context)
    self.token_api.delete_token(context=context, token_id=token_id) |
|
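The mismatch reported above, as an added sketch that is not Keystone code: a handler with a hard-coded admin assertion rejects a caller that a policy rule would authorize. Every name here (`POLICY`, `enforce`, `issue`, `attempt`, the two handlers) and the rule "admin or token owner may revoke" are assumptions made for illustration.

```python
# Added illustration; hypothetical names, not Keystone's real API.

class Forbidden(Exception):
    """Raised when the caller is not authorized."""

TOKENS = {}  # token_id -> {"user_id": owner of the token}

# Constructed policy rule (assumption): an admin or the token's owner may revoke.
POLICY = {
    "revoke_token": lambda creds, target: (
        "admin" in creds["roles"] or creds["user_id"] == target["user_id"]
    ),
}

def issue(token_id, user_id):
    """Register a token for a user in the in-memory store."""
    TOKENS[token_id] = {"user_id": user_id}

def assert_admin(creds):
    """V2-style check: only a caller holding the admin role passes."""
    if "admin" not in creds["roles"]:
        raise Forbidden("admin required")

def enforce(action, creds, target):
    """Policy-style check: evaluate the rule for this action and target."""
    if not POLICY[action](creds, target):
        raise Forbidden(action)

def delete_token_v2_style(creds, token_id):
    """Behaviour described in the report: admin assertion, policy ignored."""
    assert_admin(creds)
    del TOKENS[token_id]

def delete_token_policy(creds, token_id):
    """Policy-driven variant: authorization comes from the rule only."""
    enforce("revoke_token", creds, TOKENS[token_id])
    del TOKENS[token_id]

def attempt(handler, creds, token_id):
    """Run a handler and report the outcome as a string."""
    try:
        handler(creds, token_id)
        return "revoked"
    except Forbidden:
        return "forbidden"
```
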