OpenStack Identity (keystone)

  1. Bug #1858012
  2. Comment #8

Comment 8 for bug 1858012

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/rocky)

Reviewed: https://review.opendev.org/704895
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=a50a8973d712df2330827916b3aaa9f5dbebd849
Submitter: Zuul
Branch: stable/rocky

commit a50a8973d712df2330827916b3aaa9f5dbebd849
Author: Colleen Murphy <email address hidden>
Date: Tue Dec 31 16:22:34 2019 -0800

    Fix role_assignments role.id filter

    Without this patch, if there are multiple role assignments on the system
    and they are not all the same role, querying for role assignments with
    /v3/role_assignments?role.id={role_id} may leak some role assignments
    that don't match the role_id, making the returned results incorrect.
    This patch fixes the issue by using a list comprehension instead of a
    for loop over a list that was being modified within the loop.

    Conflicts:
           keystone/tests/unit/protection/v3/test_assignment.py

    Protection unit tests do not exist on this branch (stable/rocky) so
    there is no need to modify the test_assignment.py protection tests.

    Change-Id: Icfce3b14abb55c6fef3de1b314cee22fc8b1d08c
    Closes-bug: #1858012
    (cherry picked from commit c2d88306621f890a857acd6831ea8bf073f55537)
    (cherry picked from commit 4d413f1eba2d1e6b16ecd57fa27de528dd0f67cb)
    (cherry picked from commit af470fd6394af9758a277f05744dd4544bac09e5)