yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1203881] Re: API allows the ID of a policy entity to be changed

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1203881@xxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Aug 2013 18:18:52 -0000
Reply-to: Bug 1203881 <1203881@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I'm also unable to reproduce on master.

$ http post http://localhost:35357/v3/policies '{"policy": {"name": "trivial-true", "blob": "true", "type": "application/json"}}' --x-auth-token=ADMIN
{
  "policy": {
    "id": "d462e2f7aef9455283fc47b83425a185", 
    "type": "application/json", 
    "blob": "true", 
    "links": {
      "self": "http://localhost:5000/v3/policies/d462e2f7aef9455283fc47b83425a185";
    }, 
    "name": "trivial-true"
  }
}
$ http patch http://localhost:35357/v3/policies/d462e2f7aef9455283fc47b83425a185 '{"policy": {"id": "custom-id", "name": "always-true"}}' --x-auth-token=ADMIN
{
  "error": {
    "message": "Cannot change policy ID", 
    "code": 400, 
    "title": "Bad Request"
  }
}

** Changed in: keystone
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1203881

Title:
  API allows the ID of a policy entity to be changed

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  Entity IDs are meant to be immutable.  In all cases, except for the
  policy entity, this is true.  The Update Policy call, however, fails
  to check whether the ID has been changed, allowing the policy ID to be
  updated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1203881/+subscriptions