yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #19112
[Bug 1356682] Re: GET /v3/users lists users in all domains
This is certainly expected behavior - Henry's explanation looks spot on,
and (2) explains the justification for the current behavior.
** Changed in: keystone
Status: New => Opinion
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1356682
Title:
GET /v3/users lists users in all domains
Status in OpenStack Identity (Keystone):
Opinion
Bug description:
The behaviour of this API is different if
CONF.identity.domain_specific_drivers_enabled is set or not. If it is
not set, then listing user shows for all domains. If it is set, even
for SQL, only a single domain is listed.
The correct behavior would be to only list users for the domain
extracted from the users tokens, regardless of the value set here.
Otherwise, data leaks across domains.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1356682/+subscriptions
References