Comment 7 for bug 1256983

Zane Bitter (zaneb) wrote : Re: Heat ReST API doesn't respect tenant scoping

At the time this was written we were passing a username and password to the engine and checking credentials there; we had to add in the tenant from the URL because we didn't necessarily receive it in the request. Now that the only checking is done by the API middleware, this is obviously a horrible, horrible bug :(

The patch looks perfect for backporting; probably in the future we should refactor to do this check earlier and get rid of the tenant_local nonsense altogether.

+2