yahoo-eng-team team mailing list archive

[Bug 1186061] Re: V3 Revoke token API is doing V2 style admin check

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => havana-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1186061

Title:
  V3 Revoke token API is doing V2 style admin check

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  V3 Revoke token API is doing V2 style admin check even if the caller
  is authorized based on auth policy. The API call is landing at
  "keystone.token.controllers.delete_token" method which tries to do
  assert_admin(context) which will fail if the call is not a V2 type
  admin.

  API: DELETE http://localhost:35358/v3/auth/tokens

  Below is the block of code from
  keystone.token.controllers.delete_token which does assert_admin checks

  def delete_token(self, context, token_id):
      """Delete a token, effectively invalidating it for authz."""
      # TODO(termie): this stuff should probably be moved to middleware
      self.assert_admin(context)
      self.token_api.delete_token(context=context, token_id=token_id)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1186061/+subscriptions
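
The mismatch described in the bug report, as an added example (a simplified model written for this page, not Keystone source code and not the committed fix). The policy table, the "token_revoker" role, the context dictionaries and every function other than the names quoted in the report are assumptions made for illustration.

```python
class Forbidden(Exception):
    """Raised when a caller fails an authorization check."""

# Constructed policy table (assumption): roles allowed to revoke tokens via V3.
POLICY = {"identity:revoke_token": {"admin", "token_revoker"}}

def enforce_policy(context, action):
    """V3-style check: pass if any caller role is allowed for the action."""
    if not POLICY.get(action, set()) & set(context["roles"]):
        raise Forbidden(action)

def assert_admin(context):
    """Modelled V2-style check: only callers holding the 'admin' role pass."""
    if "admin" not in context["roles"]:
        raise Forbidden("admin required")

class TokenStore:
    """Stand-in for the token backend."""
    def __init__(self, ids):
        self.tokens = set(ids)

    def delete_token(self, token_id):
        self.tokens.discard(token_id)

def delete_token_reported(store, context, token_id):
    """Reported behaviour: policy passes, then the V2 admin assertion rejects."""
    enforce_policy(context, "identity:revoke_token")
    assert_admin(context)  # second, stricter gate the policy author cannot see
    store.delete_token(token_id)

def delete_token_policy_only(store, context, token_id):
    """Policy is the single authorization decision for the V3 route."""
    enforce_policy(context, "identity:revoke_token")
    store.delete_token(token_id)

def try_revoke(handler, context):
    """Return True if the handler actually revoked the constructed token."""
    store = TokenStore({"tok-1"})
    try:
        handler(store, context, "tok-1")
    except Forbidden:
        pass
    return "tok-1" not in store.tokens

if __name__ == "__main__":
    revoker = {"roles": ["token_revoker"]}  # constructed caller
    print("reported:", try_revoke(delete_token_reported, revoker))
    print("policy only:", try_revoke(delete_token_policy_only, revoker))
```

A caller with no permitted role is rejected by both handlers, so dropping the hard-coded assertion moves the decision into policy without loosening it.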