yahoo-eng-team team mailing list archive

[Marek Denis <marek.denis@xxxxxxx>]

Public bug reported:

Keystone mapping engine should correctly distinguish between empty
black/whitelists and lack of them in the mapping rules.

Today, a mapping rule with

{
    "local": [....],
   "remote: [
         {
             "type": "x"
             "whitelist: []
         } 
    ]

}

will pass all the values conveyed under the parameter "x", whereas it should block (whitelist 0 elements) all the elements.
Since mapping engine rules engine about groups/roles assigned to the user it's extremely important to make the rules logic as strict as possible.

** Affects: keystone
     Importance: Low
     Assignee: Marek Denis (marek-denis)
         Status: In Progress

** Changed in: keystone
     Assignee: (unassigned) => Marek Denis (marek-denis)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1434653

Title:
  Empty mappring engine white/black lists should be treated differently
  than lack of them.

Status in OpenStack Identity (Keystone):
  In Progress

Bug description:
  Keystone mapping engine should correctly distinguish between empty
  black/whitelists and lack of them in the mapping rules.

  Today, a mapping rule with

  {
      "local": [....],
     "remote: [
           {
               "type": "x"
               "whitelist: []
           } 
      ]

  }

  will pass all the values conveyed under the parameter "x", whereas it should block (whitelist 0 elements) all the elements.
  Since mapping engine rules engine about groups/roles assigned to the user it's extremely important to make the rules logic as strict as possible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1434653/+subscriptions