← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1356682] Re: GET /v3/users lists users in all domains

 

This is certainly expected behavior - Henry's explanation looks spot on,
and (2) explains the justification for the current behavior.

** Changed in: keystone
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1356682

Title:
  GET /v3/users lists users in all domains

Status in OpenStack Identity (Keystone):
  Opinion

Bug description:
  The behaviour of this API is different if
  CONF.identity.domain_specific_drivers_enabled is set or not.  If it is
  not set, then listing user shows for all domains.  If it is set, even
  for SQL, only a single domain is listed.

  The correct behavior would be to only list users for the domain
  extracted from the users tokens, regardless of the value set here.
  Otherwise,  data leaks across domains.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1356682/+subscriptions


References