Thomas Hsiao (thomas-hsiao) wrote: No error raised if PUT/GET/PATCH/DELETE sql-based domain driver configuration with an invalid domain id

No error raised if PUT/GET/PATCH/DELETE sql-based domain driver configuration with an invalid domain id:

For the domain-specific driver configuration database store, the Identity API creates the configuration options in the database even when the domain id provided in the URL is invalid.
For example, a user can create config options using an invalid domain id (123456789) as shown below:

~$ curl -s \
> -H "X-Auth-Token: ADMIN" \
> -H "Content-Type: application/json" \
> -d '
> {
> "config":{
> "identity":{
> "driver":"ldap"
> },
> "ldap":{
> .........
> "tls_req_cert":"demand",
> "user_tree_dn":"ou=Users50,dc=cdl,dc=hp,dc=com",
> "group_allow_update":"False"
> }
> }
> } ' \
> -XPUT "http://localhost:35357/v3/domains/123456789/config/"

{"config": {"identity": {"driver": "keystone.identity.backends.ldap.Identity"}, "ldap": {"user_allow_update": "False", ........"user_name_attribute": "cn", "use_pool": "True", "user_objectclass": "posixAccount", "group_id_attribute": "gidNumber", "user_allow_create": "False", "tls_req_cert": "demand".......}}}

Once the config options are created in the database, the user can even use this invalid domain id to get/update/delete the config options; an example is shown below:

~$ curl -k -H "X-Auth-Token:ADMIN" http://localhost:35357/v3/domains/123456789/config/

{"config": {"identity": {"driver": "keystone.identity.backends.ldap.Identity"}, "ldap": {"user_allow_update": "False", "group_allow_delete": "False", "group_name_attribute": "cn", "suffix": "dc=cdl,dc=hp,dc=com", ......, "group_allow_update": "False".......}}}
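
The behaviour reported above, modelled as an added example that is not part of the original report and is not Keystone's code: a store that resolves the domain id before any config operation, beside one that does not, plus an audit for config rows left under ids that match no domain. The class, method names and in-memory storage are assumptions made for illustration.

```python
# Added illustration with in-memory stand-ins; none of this is Keystone code.
class DomainNotFound(Exception):
    """Would map to HTTP 404 in an API layer."""

class DomainConfigStore:
    def __init__(self, domains, validate=True):
        self.domains = set(domains)  # ids of domains that exist
        self.configs = {}            # domain_id -> config options
        self.validate = validate     # False reproduces the reported behaviour

    def _check(self, domain_id):
        # Resolve the domain before touching its config.
        if self.validate and domain_id not in self.domains:
            raise DomainNotFound(domain_id)

    def put(self, domain_id, config):
        self._check(domain_id)
        self.configs[domain_id] = config
        return config

    def get(self, domain_id):
        self._check(domain_id)
        return self.configs[domain_id]

    def patch(self, domain_id, group, options):
        self._check(domain_id)
        self.configs[domain_id].setdefault(group, {}).update(options)

    def delete(self, domain_id):
        self._check(domain_id)
        del self.configs[domain_id]

    def orphaned(self):
        # Audit: config rows whose domain id matches no existing domain.
        return sorted(set(self.configs) - self.domains)

def demo(bad="123456789"):
    cfg = {"identity": {"driver": "ldap"}, "ldap": {"tls_req_cert": "demand"}}
    loose = DomainConfigStore(domains={"default"}, validate=False)
    loose.put(bad, cfg)  # accepted without a domain lookup, as in the report
    strict = DomainConfigStore(domains={"default"})
    args = {"put": (cfg,), "get": (), "patch": ("ldap", {}), "delete": ()}
    rejected = []
    for method, extra in args.items():
        try:
            getattr(strict, method)(bad, *extra)
        except DomainNotFound:
            rejected.append(method.upper())
    return loose.orphaned(), rejected, strict.orphaned()
```

The same orphan check can be run against a real deployment by comparing the domain ids in the config table with the list of existing domains.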