Without this patch, if there are multiple role assignments on the system
and they are not all the same role, querying for role assignments with
/v3/role_assignments?role.id={role_id} may leak some role assignments
that don't match the role_id, making the returned results incorrect.
This patch fixes the issue by using a list comprehension instead of a
for loop over a list that was being modified within the loop.
Change-Id: Icfce3b14abb55c6fef3de1b314cee22fc8b1d08c
Closes-bug: #1858012
(cherry picked from commit c2d88306621f890a857acd6831ea8bf073f55537)
(cherry picked from commit 4d413f1eba2d1e6b16ecd57fa27de528dd0f67cb)
Reviewed: https:/ /review. opendev. org/704726 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=af470fd6394 af9758a277f0574 4dd4544bac09e5
Committed: https:/
Submitter: Zuul
Branch: stable/stein
commit af470fd6394af97 58a277f05744dd4 544bac09e5
Author: Colleen Murphy <email address hidden>
Date: Tue Dec 31 16:22:34 2019 -0800
Fix role_assignments role.id filter
Without this patch, if there are multiple role assignments on the system role_assignment s?role. id={role_ id} may leak some role assignments
and they are not all the same role, querying for role assignments with
/v3/
that don't match the role_id, making the returned results incorrect.
This patch fixes the issue by using a list comprehension instead of a
for loop over a list that was being modified within the loop.
Change-Id: Icfce3b14abb55c 6fef3de1b314cee 22fc8b1d08c a857acd6831ea8b f073f55537) b16ecd57fa27de5 28dd0f67cb)
Closes-bug: #1858012
(cherry picked from commit c2d88306621f890
(cherry picked from commit 4d413f1eba2d1e6