OpenStack Identity (keystone)

LDAP get_project_users should not return password

Bug #1190286 reported by Sahdev Zala on 2013-06-12

8

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	Sahdev Zala	OpenStack Identity (keystone) 2013.2 "havana"

Bug Description

test_get_project_users is incorrectly skipped in the test_backend_ldap. It's not related to multiple LDAP support. Do not skip it by fixing the get_project_users method in core.py.

Sahdev Zala (spzala) on 2013-06-12

Changed in keystone:
assignee:	nobody → Sahdev Zala (spzala)

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-06-12:

#1

Some detail about what exactly needs to be fixed in the "get_project_users method in core.py" would be appreciated.

Changed in keystone:
status:	New → Incomplete

Revision history for this message

Sahdev Zala (spzala) wrote on 2013-06-12:

#2

Hi Dolph, I am working on it and updating the patch later today.

The main thing I think need to be fixed is get_projects_users should not return 'password' information of the users. Hope this makes sense.

Thanks!

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-06-12: Fix proposed to keystone (master)

#3

Fix proposed to branch: master
Review: https://review.openstack.org/32776

Changed in keystone:
status:	Incomplete → In Progress

Revision history for this message

Sahdev Zala (spzala) wrote on 2013-06-12: Re: test test_get_project_users should not be skipped for ldap

#4

Hi Dolph, just updated the patch. Please take a look as you get a chance. Thanks!

Sahdev Zala (spzala) on 2013-06-12

summary:

- test test_get_project_users should not be skipped for ldap
+ LDAP test_get_project_users should not return password and be skipped
+ for ldap

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-06-12:

#5

The password values coming back from that call are not in plaintext, correct?

summary:	- LDAP test_get_project_users should not return password and be skipped - for ldap + LDAP get_project_users should not return password
tags:	added: grizzly-backport-potential
Changed in keystone:
importance:	Undecided → High

Revision history for this message

Sahdev Zala (spzala) wrote on 2013-06-12:

#6

Hi Dolph, correct. The return value of password is not plain text, it's hashed.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-06-17: Fix merged to keystone (master)

#7

Reviewed: https://review.openstack.org/32776
Committed: http://github.com/openstack/keystone/commit/61c72f73424c47d21e533b0bdde997f6e0a4de45
Submitter: Jenkins
Branch: master

commit 61c72f73424c47d21e533b0bdde997f6e0a4de45
Author: Sahdev Zala <email address hidden>
Date: Wed Jun 12 14:38:33 2013 -0500

LDAP get_project_users should not return password

Also with this fix no need to skip get_project_users for LDAP.

Fixes bug1190286

Change-Id: I6ab6b4179c36d49b8a2eab1ea67ce0d6339751f5

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-07-17

Changed in keystone:
milestone:	none → havana-2
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in keystone:
milestone:	havana-2 → 2013.2

Alan Pevec (apevec) on 2014-03-30

tags:

removed: grizzly-backport-potential

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.