yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1337768] [NEW] keystone v2 api change_password authz require also update_user authz

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: mouadino <1337768@xxxxxxxxxxxxxxxxxx>
Date: Fri, 04 Jul 2014 09:19:00 -0000
Reply-to: Bug 1337768 <1337768@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

In v2 the set_user_password controller method call update_user, which
mean that setting only 'identity:change_password' to 'rule:owner' will
not works unless 'identity:update_user' is also changed to 'rule:owner'
or similar.

https://github.com/openstack/keystone/blob/stable/icehouse/keystone/identity/controllers.py#L237-239

NOTE: Stating the obvious, I picked up 'rule:owner' as an example, which
is what make sense in our case, but the problem is not specific to this
rule

** Affects: keystone
     Importance: Undecided
         Status: New

** Description changed:

  In v2 the set_user_password controller method call update_user, which
  mean that setting only 'identity:change_password' to 'rule:owner' will
  not works unless 'identity:update_user' is also changed to 'rule:owner'
  or similar.
  
  https://github.com/openstack/keystone/blob/stable/icehouse/keystone/identity/controllers.py#L237-239
+ 
+ NOTE: Stating the obvious, I picked up 'rule:owner' as an example, which
+ is what make sense in our case, but the problem is not specific to this
+ rule

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1337768

Title:
  keystone v2 api change_password authz require also update_user authz

Status in OpenStack Identity (Keystone):
  New

Bug description:
  In v2 the set_user_password controller method call update_user, which
  mean that setting only 'identity:change_password' to 'rule:owner' will
  not works unless 'identity:update_user' is also changed to
  'rule:owner' or similar.

  https://github.com/openstack/keystone/blob/stable/icehouse/keystone/identity/controllers.py#L237-239

  NOTE: Stating the obvious, I picked up 'rule:owner' as an example,
  which is what make sense in our case, but the problem is not specific
  to this rule

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1337768/+subscriptions

Follow ups

[Bug 1337768] Re: keystone v2 api change_password authz require also update_user authz
From: Dolph Mathews, 2014-07-08
[Bug 1337768] [NEW] keystone v2 api change_password authz require also update_user authz
From: mouadino, 2014-07-04

References

[Bug 1337768] [NEW] keystone v2 api change_password authz require also update_user authz
From: mouadino, 2014-07-04