yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1356682] [NEW] GET /v3/users lists users in all domains

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Young <1356682@xxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Aug 2014 02:49:34 -0000
Reply-to: Bug 1356682 <1356682@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The behaviour of this API is different if
CONF.identity.domain_specific_drivers_enabled is set or not.  If it is
not set, then listing user shows for all domains.  If it is set, even
for SQL, only a single domain is listed.

The correct behavior would be to only list users for the domain
extracted from the users tokens, regardless of the value set here.
Otherwise,  data leaks across domains.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1356682

Title:
  GET /v3/users lists users in all domains

Status in OpenStack Identity (Keystone):
  New

Bug description:
  The behaviour of this API is different if
  CONF.identity.domain_specific_drivers_enabled is set or not.  If it is
  not set, then listing user shows for all domains.  If it is set, even
  for SQL, only a single domain is listed.

  The correct behavior would be to only list users for the domain
  extracted from the users tokens, regardless of the value set here.
  Otherwise,  data leaks across domains.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1356682/+subscriptions

Follow ups

[Bug 1356682] Re: GET /v3/users lists users in all domains
From: Dolph Mathews, 2014-08-14
[Bug 1356682] [NEW] GET /v3/users lists users in all domains
From: Adam Young, 2014-08-14

References

[Bug 1356682] [NEW] GET /v3/users lists users in all domains
From: Adam Young, 2014-08-14