The belongsTo query parameters for v2.0 is broken
Bug #1627085 reported by
Lance Bragstad
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Lance Bragstad | ||
Bug Description
Apparently the v2.0 API has a query parameter that allows you to check if a token belongs to a tenant by passing the tenant name in the query parameter. Out tests ensure that the functionality is broken [0].
The assertion in the test assumes that you can pass the tenant name - but the actual implementation of belongsTo checks for the tenant ID [1]. The implementation needs to be fixed to compare tenant names or the tests need to be refactored to pass the tenant ID.
[0] https:/
[1] https:/
| Changed in keystone: | |
| milestone: | none → ocata-1 |
| importance: | Undecided → Medium |
| status: | New → Confirmed |
| assignee: | nobody → Lance Bragstad (lbragstad) |
| Changed in keystone: | |
| status: | Confirmed → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #1 |
| Changed in keystone: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/keystone 11.0.0.0b1 | #2 |
To post a comment you must log in.
Reviewed: https:/
Committed: https:/
Submitter: Jenkins
Branch: master
commit 7f3f5963518c2b3
Author: Lance Bragstad <email address hidden>
Date: Thu Sep 22 20:29:46 2016 +0000
Fix the belongsTo query parameter
The belongsTo query parameter is only supported by the v2.0
token validation API. It would check the ID of the project passed
to the belongsTo parameter against the project a token was scoped to.
This commit corrects the implementation, tests, and adds
documentation. It also moves the check to keystone.
since belongsTo is a v2-ism and doesn't belong in the
keystone.
Closes-Bug: 1627085
Closes-Bug: 1626794
Change-Id: I4a06a498112b81