the domain name is case insensitive with keystone v3
Bug #1229093 reported by
hill
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
David Stanek |
Bug Description
I found the domain name is case insensitive when i use keystone /v3/auth/tokens which means
i can use the "default", "deFault" as domain name to get the valid token.
When i checked the code , i found the keystone uses database query to get the domain by name , if my database
is mysql with default configuration then it is case insensitive, but the postgres is case sensitive by default.
This is not a consistent API behavior. I would like to get the same output no matter what kind of db in backend.
I propose to use case sensitive due to security reason.
summary: |
- the domain name is insensitive with keystone v3 + the domain name is case insensitive with keystone v3 |
Changed in keystone: | |
assignee: | nobody → Dolph Mathews (dolph) |
status: | New → In Progress |
Changed in keystone: | |
status: | In Progress → Triaged |
Changed in keystone: | |
assignee: | nobody → Alexey Miroshkin (amirosh) |
Changed in keystone: | |
assignee: | Henrique Truta (henriquetruta) → David Stanek (dstanek) |
To post a comment you must log in.
I restored some old tests that illustrate keystone's intent to be case sensitive. On the MySQL side, you can certainly configure it to be case sensitive (e.g. using utf8_bin, although I'm not sure that the best solution?), so perhaps this is something we can address via migrations.