the domain name is case insensitive with keystone v3
Bug #1229093 reported by
hill
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
David Stanek | ||
Bug Description
I found the domain name is case insensitive when i use keystone /v3/auth/tokens which means
i can use the "default", "deFault" as domain name to get the valid token.
When i checked the code , i found the keystone uses database query to get the domain by name , if my database
is mysql with default configuration then it is case insensitive, but the postgres is case sensitive by default.
This is not a consistent API behavior. I would like to get the same output no matter what kind of db in backend.
I propose to use case sensitive due to security reason.
| summary: |
- the domain name is insensitive with keystone v3 + the domain name is case insensitive with keystone v3 |
| Changed in keystone: | |
| assignee: | nobody → Dolph Mathews (dolph) |
| status: | New → In Progress |
Revision history for this message
| Dolph Mathews (dolph) wrote | #1 |
| Changed in keystone: | |
| importance: | Undecided → Medium |
Revision history for this message
| Dolph Mathews (dolph) wrote | #2 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #3 |
Revision history for this message
| Kurt Seifried (kseifried) wrote | #4 |
Revision history for this message
| Dolph Mathews (dolph) wrote | #5 |
| Changed in keystone: | |
| assignee: | Dolph Mathews (dolph) → nobody |
| Changed in keystone: | |
| status: | In Progress → Triaged |
| Changed in keystone: | |
| assignee: | nobody → Alexey Miroshkin (amirosh) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (master) | #6 |
| Changed in keystone: | |
| assignee: | Alexey Miroshkin (amirosh) → Henrique Truta (henriquetruta) |
| status: | Triaged → In Progress |
| Changed in keystone: | |
| assignee: | Henrique Truta (henriquetruta) → David Stanek (dstanek) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #7 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
Revision history for this message
| Thierry Carrez (ttx) wrote Fix included in openstack/keystone 9.0.0.0b3 | #8 |
To post a comment you must log in.
I restored some old tests that illustrate keystone's intent to be case sensitive. On the MySQL side, you can certainly configure it to be case sensitive (e.g. using utf8_bin, although I'm not sure that the best solution?), so perhaps this is something we can address via migrations.