Keystone list-domain operation performed with domain scoped tokens
Bug #1687519 reported by
Adam Young
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tempest |
Expired
|
Undecided
|
Unassigned |
Bug Description
Tempest was able to get away with running list domains with via a token with the admin scoped to a domain. Domain admins should not be able to list domains. This test is forcing Keystone to continue to support a poor choice of policy.
information type: | Private Security → Public |
Changed in tempest: | |
assignee: | nobody → Samuel Pilla (samuel.pilla) |
Changed in tempest: | |
assignee: | Samuel Pilla (samuel.pilla) → nobody |
To post a comment you must log in.
Need more info regarding where this is happening, if the reporter can give example of a tempest run and where this particular thing is done.