Hi Colleen. Could you also add a protection and unit test for create action? It is not so serious, but would be great to have.
As I mentioned in original ticket it is possible to create EC2 credentials with any existing projectID, even if it is a domainID:
curl -X POST https://keystone/v3/credentials -H 'Accept: application/json' -H 'Content-Type: application/json' -H "X-Auth-Token: ***" -d'{ "credential": { "blob": "{\"access\": \"ffe6fc21b47c4d87befc95ad070c3b7a\", \"secret\": \"530196cd097e4a7ca9df7258aa89ff0e\", \"trust_id\": null}", "id": "3c2b3265350c6da3a18a143fbe975ca4a8ed88a6f8c6dacc2494a5c1287ba66f", "project_id": "_any_project_id_", "type": "ec2", "user_id": "_my_user_id_" } }'
This credential won't be useful, but it would be great to have this protection.
Hi Colleen. Could you also add a protection and unit test for create action? It is not so serious, but would be great to have.
As I mentioned in original ticket it is possible to create EC2 credentials with any existing projectID, even if it is a domainID:
curl -X POST https:/ /keystone/ v3/credentials -H 'Accept: application/json' -H 'Content-Type: application/json' -H "X-Auth-Token: ***" -d'{ d87befc95ad070c 3b7a\", \"secret\": \"530196cd097e4 a7ca9df7258aa89 ff0e\", \"trust_id\": null}", a3a18a143fbe975 ca4a8ed88a6f8c6 dacc2494a5c1287 ba66f",
"credential": {
"blob": "{\"access\": \"ffe6fc21b47c4
"id": "3c2b3265350c6d
"project_id": "_any_project_id_",
"type": "ec2",
"user_id": "_my_user_id_"
}
}'
This credential won't be useful, but it would be great to have this protection.