2014-09-04 19:32:13 |
Lance Bragstad |
description |
In Icehouse release, CRUD grant functions[1] don't check if user_id and group_id exists.
role_id, domain_id and project_id are checked and I don't see any reason why don't check user_id and group_id as well. I think we should change these functions to check if user_id and group_id exists.
[1] https://github.com/openstack/keystone/blob/stable/icehouse/keystone/assignment/backends/ldap.py#L347 |
In Icehouse release, CRUD grant functions[1] don't check if user_id and group_id exists.
role_id, domain_id and project_id are checked and I don't see any reason to not check if the user_id and group_ids are valid. I think we should change these functions to check if the user and/or group exists before creating/updating the grant.
[1] https://github.com/openstack/keystone/blob/stable/icehouse/keystone/assignment/backends/ldap.py#L347 |
|