[api] document "belongsTo" query for HEAD/GET tokens on v2
Bug #1626794 reported by
Steve Martinelli
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Lance Bragstad |
Bug Description
Apparently there is a query parameter -- belongsTo -- that can be used on GET/HEAD requests to /v2.0/tokens/
Here's what it does:
def _token_
"""Check if the token belongs to the right tenant.
This is only used on v2 tokens. The structural validity of the token
will have already been checked before this method is called.
"""
if belongs_to:
if ('tenant' not in token_data or
Changed in keystone: | |
assignee: | nobody → Lance Bragstad (lbragstad) |
status: | Triaged → In Progress |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/375097 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=7f3f5963518 c2b3da16911bee6 96ceee15de8d58
Committed: https:/
Submitter: Jenkins
Branch: master
commit 7f3f5963518c2b3 da16911bee696ce ee15de8d58
Author: Lance Bragstad <email address hidden>
Date: Thu Sep 22 20:29:46 2016 +0000
Fix the belongsTo query parameter
The belongsTo query parameter is only supported by the v2.0
token validation API. It would check the ID of the project passed
to the belongsTo parameter against the project a token was scoped to.
This commit corrects the implementation, tests, and adds token.controlle r token.provider.
documentation. It also moves the check to keystone.
since belongsTo is a v2-ism and doesn't belong in the
keystone.
Closes-Bug: 1627085 093d7e5ef3142bb 1e2d0f78138
Closes-Bug: 1626794
Change-Id: I4a06a498112b81