Without this patch, if there are multiple role assignments on the system
and they are not all the same role, querying for role assignments with
/v3/role_assignments?role.id={role_id} may leak some role assignments
that don't match the role_id, making the returned results incorrect.
This patch fixes the issue by using a list comprehension instead of a
for loop over a list that was being modified within the loop.
Reviewed: https:/ /review. opendev. org/704895 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=a50a8973d71 2df2330827916b3 aaa9f5dbebd849
Committed: https:/
Submitter: Zuul
Branch: stable/rocky
commit a50a8973d712df2 330827916b3aaa9 f5dbebd849
Author: Colleen Murphy <email address hidden>
Date: Tue Dec 31 16:22:34 2019 -0800
Fix role_assignments role.id filter
Without this patch, if there are multiple role assignments on the system role_assignment s?role. id={role_ id} may leak some role assignments
and they are not all the same role, querying for role assignments with
/v3/
that don't match the role_id, making the returned results incorrect.
This patch fixes the issue by using a list comprehension instead of a
for loop over a list that was being modified within the loop.
Conflicts:
keystone/ tests/unit/ protection/ v3/test_ assignment. py
Protection unit tests do not exist on this branch (stable/rocky) so
there is no need to modify the test_assignment.py protection tests.
Change-Id: Icfce3b14abb55c 6fef3de1b314cee 22fc8b1d08c a857acd6831ea8b f073f55537) b16ecd57fa27de5 28dd0f67cb) 58a277f05744dd4 544bac09e5)
Closes-bug: #1858012
(cherry picked from commit c2d88306621f890
(cherry picked from commit 4d413f1eba2d1e6
(cherry picked from commit af470fd6394af97