tempest

Keystone list-domain operation performed with domain scoped tokens

Bug #1687519 reported by Adam Young on 2017-05-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tempest	Expired	Undecided	Unassigned

Bug Description

Tempest was able to get away with running list domains with via a token with the admin scoped to a domain. Domain admins should not be able to list domains. This test is forcing Keystone to continue to support a poor choice of policy.

Adam Young (ayoung) on 2017-05-09

information type:

Private Security → Public

Samuel Pilla (samuel.pilla) on 2017-05-09

Changed in tempest:
assignee:	nobody → Samuel Pilla (samuel.pilla)

Revision history for this message

Prateek Arora (parora) wrote on 2017-06-21:

Need more info regarding where this is happening, if the reporter can give example of a tempest run and where this particular thing is done.

Changed in tempest:
status:	New → Confirmed
status:	Confirmed → Incomplete

Revision history for this message

Prateek Arora (parora) wrote on 2017-06-21:

We would also need to know "this test is forcing Keystone to continue to support a poor choice of policy", what is the 'this test' here ?

Revision history for this message

Prateek Arora (parora) wrote on 2017-06-21:

Are these the tests you are talking about

https://review.openstack.org/#/c/33618/

Can you please shed some more light ?

Samuel Pilla (samuel.pilla) on 2018-08-28

Changed in tempest:
assignee:	Samuel Pilla (samuel.pilla) → nobody

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-10-28:

[Expired for tempest because there has been no activity for 60 days.]

Changed in tempest:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.