← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1434916] [NEW] GET /v3/projects/project_id with parents_as_list or subtree_as_list option is leaking extra data

 

Public bug reported:

According to the spec 'New query params to retrieve the project
hierarchy' [1], GET /v3/projects/project_id?parents_as_list and GET
/v3/projects/project_id?subtree_as_list should only return the projects
in the hierarchy the user has access to.

However, they are always returning the whole project info (id, name,
domain_id, description, enabled) from all parents/subprojects.

[1] https://github.com/openstack/keystone-specs/blob/master/specs/kilo
/project-hierarchy-retrieval.rst

** Affects: keystone
     Importance: Undecided
     Assignee: Samuel de Medeiros Queiroz (samueldmq)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Samuel de Medeiros Queiroz (samueldmq)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1434916

Title:
  GET /v3/projects/project_id with parents_as_list or subtree_as_list
  option is leaking extra data

Status in OpenStack Identity (Keystone):
  New

Bug description:
  According to the spec 'New query params to retrieve the project
  hierarchy' [1], GET /v3/projects/project_id?parents_as_list and GET
  /v3/projects/project_id?subtree_as_list should only return the
  projects in the hierarchy the user has access to.

  However, they are always returning the whole project info (id, name,
  domain_id, description, enabled) from all parents/subprojects.

  [1] https://github.com/openstack/keystone-specs/blob/master/specs/kilo
  /project-hierarchy-retrieval.rst

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1434916/+subscriptions


Follow ups

References