yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1444310] Re: keystone token response contains InternalURL for non admin user

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1444310@xxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Apr 2015 14:40:00 -0000
Reply-to: Bug 1444310 <1444310@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The internal URL is not intended to be obscured from users, but rather
is intended to provide a public API interface on a faster / more
efficient network interface (depending on the deployment). If users can
reach the internal endpoint (such as for glance), then they can likely
save bandwidth charges, etc.

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1444310

Title:
  keystone token response contains InternalURL for non admin user

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  keystone token responses contains both the InternalURL and adminURL
  for non admin user (demo).

  This information should not be exposed to a non-admin user.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1444310/+subscriptions

References

[Bug 1444310] [NEW] keystone token response contains InternalURL for non admin user
From: Attila Fazekas, 2015-04-15