is_admin_project missing when it's not true (missing rather than false)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Unassigned | ||
OpenStack Security Advisory |
Invalid
|
Undecided
|
Unassigned |
Bug Description
After setting the admin_project_name = admin and admin_project_
Correct token: http://
Then I switched to the "bob" project and generated and then validated a token. I was admin in both projects. My "bob" project token is missing the is_admin_project field completely. This unfortunately then causes the oslo.context middleware to assume that you are in an admin project (context assumes missing = true).
Bob token, aka, where's the is_admin_
We're on stable/newton running on commit 3609439599571a5
description: | updated |
description: | updated |
Changed in ossa: | |
status: | New → Incomplete |
description: | updated |
So sorry. Due to some confusion about the environment we we're actually on Mitaka and hence missing this fix, which will resolve this.
a5dd5609 (Marek Denis 2015-07-31 10:43:22 +0200 332) This method does not return anything, yet it modifies token_data in Matts-MacBook- Pro-4:~ /code/openstack /keystone/ keystone/ token/providers (master)$ git show ed634e8c b749bbb9e951104 989a020277
a5dd5609 (Marek Denis 2015-07-31 10:43:22 +0200 333) place.
a5dd5609 (Marek Denis 2015-07-31 10:43:22 +0200 334)
mfischer@
commit ed634e8cdcdf385
Author: Jamie Lennox <email address hidden>
Date: Wed May 4 14:30:56 2016 +1000
Always add is_admin_project if admin project defined
By only setting is_admin_project in the token if it is true we are
unable to distinguish in policy enforcement if the admin project is not
defined in configuration or if the current scope is not the admin
project.
If the admin project is defined in config we should always set the admin_project in the token either true or false so we can provide
is_
backwards compatible policy files in projects.
Change-Id: Icdfc4f4792422a f9d844004c2c929 93c9065134d
Closes-Bug: #1577996