GET /v3/users and /v3/groups lists entries in all domains
Bug #1356682 reported by Adam Young
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Opinion | Undecided | Unassigned |
Bug Description
The behaviour of this API is different if CONF.identity.
The correct behavior would be to only list users for the domain extracted from the user's token, regardless of the value set here. Otherwise, data leaks across domains.
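The domain scoping the description asks for, sketched as an added example (not Keystone's code and not part of the original report). It assumes the standard v3 token body layout (`domain`, `project.domain`, `user.domain`); the function names, the scope precedence and the sample data are constructed for illustration.

```python
from collections import defaultdict


def token_domain_id(token):
    """Return the domain a Keystone v3 token body is bound to.

    Precedence (an assumption of this example): explicit domain scope,
    then the scoped project's domain, then the user's own domain.
    """
    if "domain" in token:
        return token["domain"]["id"]
    if "project" in token:
        return token["project"]["domain"]["id"]
    return token["user"]["domain"]["id"]


def filter_to_token_domain(token, entries):
    """Keep only users/groups whose domain_id matches the token's domain."""
    allowed = token_domain_id(token)
    return [e for e in entries if e.get("domain_id") == allowed]


def cross_domain_entries(token, entries):
    """Audit helper: names visible to the caller but owned by other domains."""
    allowed = token_domain_id(token)
    leaked = defaultdict(list)
    for e in entries:
        # Entries with no domain_id are reported too; they cannot be attributed.
        if e.get("domain_id") != allowed:
            leaked[e.get("domain_id")].append(e["name"])
    return dict(leaked)


# Constructed sample data: names follow the listing on this page; the heat
# domain id is a placeholder because the page truncates the real value.
SAMPLE_TOKEN = {
    "user": {"name": "demo", "domain": {"id": "default"}},
    "project": {"name": "demo", "domain": {"id": "default"}},
}
SAMPLE_USERS = [
    {"name": "swiftusertest1", "domain_id": "default"},
    {"name": "heat_domain_admin", "domain_id": "HEAT_DOMAIN_ID_PLACEHOLDER"},
    {"name": "admin", "domain_id": "default"},
]

if __name__ == "__main__":
    print(cross_domain_entries(SAMPLE_TOKEN, SAMPLE_USERS))
    print([u["name"] for u in filter_to_token_domain(SAMPLE_TOKEN, SAMPLE_USERS)])
```

Run against a saved `/v3/users` or `/v3/groups` response, a non-empty result from `cross_domain_entries` is the cross-domain exposure this bug describes.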
$ http http://localhost:5000/v3/users X-Auth-Token:8ae436b60ca047af8745af85551a3d72
HTTP/1.1 200 OK
Content-Length: 4137
Content-Type: application/json
Date: Wed, 13 Aug 2014 22:58:08 GMT
Server: Apache/2.4.10 (Fedora) mod_wsgi/3.5 Python/2.7.5
Vary: X-Auth-Token
{
"links": {
"next": null,
"previous": null,
"self": "http://
},
"users": [
{
"default_
"domain_id": "default",
"email": "<email address hidden>",
"enabled": true,
"id": "159db39c66ac4b
"links": {
"self": "http://
},
"name": "swiftusertest1"
},
{
"default_
"domain_id": "default",
"email": "<email address hidden>",
"enabled": true,
"id": "68d32890819c4d
"links": {
"self": "http://
},
"name": "swiftusertest3"
},
{
"description": "Manages users and projects created by heat",
"domain_id": "39bb82cc58e04c
"enabled": true,
"id": "7a590a6df2f34c
"links": {
"self": "http://
},
"name": "heat_domain_admin"
},
{
"default_
"domain_id": "default",
"email": null,
"enabled": true,
"id": "7b39d6834aca4f
"links": {
"self": "http://
},
"name": "swift"
},
{
"default_
"domain_id": "default",
"email": "<email address hidden>",
"enabled": true,
"id": "7b6cfc976e3b4e
"links": {
"self": "http://
},
"name": "glance-swift"
},
{
"default_
"domain_id": "default",
"email": null,
"enabled": true,
"id": "7f691c2dc67b40
"links": {
"self": "http://
},
"name": "admin"
},
{
"default_
"domain_id": "default",
"email": null,
"enabled": true,
"id": "83d5d384b29d49
"links": {
"self": "http://
},
"name": "heat"
},
{
"default_
"domain_id": "default",
"email": "<email address hidden>",
"enabled": true,
"id": "9603a6806d6a44
"links": {
"self": "http://
},
"name": "swiftusertest2"
},
{
"default_
"domain_id": "default",
"email": "<email address hidden>",
"enabled": true,
"id": "9a28cbebbe4245
"links": {
"self": "http://
},
"name": "alt_demo"
},
{
"default_
"domain_id": "default",
"email": "<email address hidden>",
"enabled": true,
"id": "9e8fda6c9add45
"links": {
"self": "http://
},
"name": "demo"
},
{
"default_