[api] document "belongsTo" query for HEAD/GET tokens on v2
Bug #1626794 reported by
Steve Martinelli
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Lance Bragstad | ||
Bug Description
Apparently there is a query parameter -- belongsTo -- that can be used on GET/HEAD requests to /v2.0/tokens/
Here's what it does:
def _token_
"""Check if the token belongs to the right tenant.
This is only used on v2 tokens. The structural validity of the token
will have already been checked before this method is called.
"""
if belongs_to:
if ('tenant' not in token_data or
| Changed in keystone: | |
| assignee: | nobody → Lance Bragstad (lbragstad) |
| status: | Triaged → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #1 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/keystone 11.0.0.0b1 | #2 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 7f3f5963518c2b3
Author: Lance Bragstad <email address hidden>
Date: Thu Sep 22 20:29:46 2016 +0000
Fix the belongsTo query parameter
The belongsTo query parameter is only supported by the v2.0
token validation API. It would check the ID of the project passed
to the belongsTo parameter against the project a token was scoped to.
This commit corrects the implementation, tests, and adds
documentation. It also moves the check to keystone.
since belongsTo is a v2-ism and doesn't belong in the
keystone.
Closes-Bug: 1627085
Closes-Bug: 1626794
Change-Id: I4a06a498112b81