Keystone list-domain operation performed with domain scoped tokens

Bug #1687519 reported by Adam Young
This bug affects 1 person
Affects: tempest
Status: Expired
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Tempest was able to get away with running list domains via a token with the admin scoped to a domain. Domain admins should not be able to list domains. This test is forcing Keystone to continue to support a poor choice of policy.

Adam Young (ayoung)
information type: Private Security → Public
Changed in tempest:
assignee: nobody → Samuel Pilla (samuel.pilla)
Prateek Arora (parora) wrote :

Need more info regarding where this is happening, if the reporter can give an example of a tempest run and where this particular thing is done.

Changed in tempest:
status: New → Confirmed
status: Confirmed → Incomplete
Prateek Arora (parora) wrote :

We would also need to know "this test is forcing Keystone to continue to support a poor choice of policy", what is the 'this test' here?

Prateek Arora (parora) wrote :

Are these the tests you are talking about?

https://review.openstack.org/#/c/33618/

Can you please shed some more light?

Changed in tempest:
assignee: Samuel Pilla (samuel.pilla) → nobody
Launchpad Janitor (janitor) wrote :

[Expired for tempest because there has been no activity for 60 days.]

Changed in tempest:
status: Incomplete → Expired