GET /v3/projects/project_id with parents_as_list or subtree_as_list option is leaking extra data

Bug #1434916 reported by Samuel de Medeiros Queiroz
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: High
Assigned to: Samuel de Medeiros Queiroz

Bug Description

According to the spec 'New query params to retrieve the project hierarchy' [1], GET /v3/projects/project_id?parents_as_list and GET /v3/projects/project_id?subtree_as_list should only return the projects in the hierarchy the user has access to.

However, they are always returning the whole project info (id, name, domain_id, description, enabled) from all parents/subprojects.

[1] https://github.com/openstack/keystone-specs/blob/master/specs/kilo/project-hierarchy-retrieval.rst
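
The leak described in the bug description above, as an added Python example that is not keystone's code and not part of the original report: it models a small project hierarchy, returns parents and subtree with and without the access filter the spec calls for, and computes which projects the unfiltered response exposes. The project names, the PARENT and ASSIGNMENTS tables and all function names are constructed for illustration, and "access" is assumed to mean a direct role assignment on the project.

```python
# Added illustration; not keystone code. Project names, the PARENT map and
# the ASSIGNMENTS table are constructed sample data.

# child -> parent (None marks the root of the hierarchy)
PARENT = {"org": None, "dept": "org", "team": "dept", "sandbox": "team"}
# user -> projects on which the user holds a role assignment (assumed model)
ASSIGNMENTS = {"alice": {"team", "sandbox"}, "root_admin": set(PARENT)}


def parents(project_id):
    """Walk up from project_id and return its ancestors, nearest first."""
    out, cur = [], PARENT[project_id]
    while cur is not None:
        out.append(cur)
        cur = PARENT[cur]
    return out


def subtree(project_id):
    """Return every descendant of project_id, breadth first."""
    out, frontier = [], [project_id]
    while frontier:
        children = sorted(c for c, p in PARENT.items() if p in frontier)
        out.extend(children)
        frontier = children
    return out


def hierarchy_unfiltered(project_id, walk):
    """Reported behaviour: every project in the hierarchy is returned."""
    return walk(project_id)


def hierarchy_filtered(user, project_id, walk):
    """Spec behaviour: keep only projects the caller has access to."""
    allowed = ASSIGNMENTS.get(user, set())
    return [p for p in walk(project_id) if p in allowed]


def leaked(user, project_id, walk):
    """Projects the unfiltered response exposes beyond the caller's access."""
    exposed = set(hierarchy_unfiltered(project_id, walk))
    return sorted(exposed - ASSIGNMENTS.get(user, set()))
```

The `leaked` helper doubles as a regression check: for any caller and project it should return an empty list once the response is built with the filtered path.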

Changed in keystone:
assignee: nobody → Samuel de Medeiros Queiroz (samueldmq)
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/167230

Changed in keystone:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/167231

Changed in keystone:
milestone: none → kilo-rc1
importance: Undecided → High
OpenStack Infra (hudson-openstack) wrote : Related fix merged to keystone (master)

Reviewed: https://review.openstack.org/167230
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=fe31e5283e53b4977d7b2dce7de094a1e0981b92
Submitter: Jenkins
Branch: master

commit fe31e5283e53b4977d7b2dce7de094a1e0981b92
Author: Samuel de Medeiros Queiroz <email address hidden>
Date: Tue Mar 24 08:56:41 2015 -0300

    Exposes bug when getting hierarchy on Project API

    GET /v3/projects/project_id?parents_as_list and
    GET /v3/projects/project_id?subtree_as_list
    should return only the projects in the hierarchy
    the user has access to.

    This patch exposes a bug in which all projects in
    the hierarchy are always returned.

    Related-Bug: #1434916

    Change-Id: I56316ac99e41721e3c6e73c53b8499df3a98b343

Changed in keystone:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/167231
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=5b38ec1344fabd19364661d61d6374b87960d7e4
Submitter: Jenkins
Branch: master

commit 5b38ec1344fabd19364661d61d6374b87960d7e4
Author: Samuel de Medeiros Queiroz <email address hidden>
Date: Tue Mar 24 09:58:35 2015 -0300

    Fixes bug when getting hierarchy on Project API

    GET /v3/projects/project_id?parents_as_list and
    GET /v3/projects/project_id?subtree_as_list
    should return only the projects in the hierarchy
    the user has access to.

    This patch fixes a bug in which all projects in
    the hierarchy are always returned.

    Co-Authored-By: Raildo Mascena <email address hidden>

    Closes-Bug: #1434916

    Change-Id: I1b2403b9b2af510f127ce1ea47604d53eef3850c

Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: kilo-rc1 → 2015.1.0