It's possible to disable the default domain through domain update API
Bug #1522616 reported by
Lance Bragstad
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Navid Pustchi |
Bug Description
We currently forbid the ability of deleting the default domain [0] (or at least make it really hard to do so). There is nothing in the update domain flow that protects against disabling the default domain.
We should add the same check to prevent someone from accidentally disabling the default domain. Otherwise it just exposes the same behavior that we wanted to prevent in the first place.
I was able to recreate this with these steps - http://
description: | updated |
Changed in keystone: | |
assignee: | nobody → Navid Pustchi (npustchi) |
Changed in keystone: | |
milestone: | none → mitaka-2 |
To post a comment you must log in.
makes sense to fix this, we can easily check that the domain being disabled isn't the same as the default domain option in the config file.