token model assumes a token is is_admin_project
Bug #1652012 reported by
Henry Nash
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
Low
|
Unassigned |
Bug Description
Our token model code will return a default of True for is_admin_project if that attribute is not defined [0]. The comment next to this says this is for backward compatibility - but this seems inherently dangerous. We should investigate what changes are needed (if any) to make the default False.
UPDATE: We need this to default to True for the time being while we deal
with #968696. Do not change this to False at this time.
description: | updated |
Changed in keystone: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in keystone: | |
assignee: | nobody → Gage Hugo (gagehugo) |
Changed in keystone: | |
status: | Confirmed → In Progress |
Changed in keystone: | |
milestone: | none → pike-1 |
description: | updated |
Changed in keystone: | |
status: | In Progress → Triaged |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/438035 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=dc449dfd63c 165cfa9c4600b82 e5b392973a0e60
Committed: https:/
Submitter: Jenkins
Branch: master
commit dc449dfd63c165c fa9c4600b82e5b3 92973a0e60
Author: Gage Hugo <email address hidden>
Date: Fri Feb 24 12:26:41 2017 -0600
Change is_admin_project to False by default
Our token model code will return a default of True for admin_project if that attribute is not defined. The
is_
comment next to this says this is for backwards
compatibility, but this seems inherently dangerous.
Closes-Bug: #1652012
Change-Id: I035fe570972764 b9c9342d1851654 634d681ac5e