yahoo-eng-team team mailing list archive

[OpenStack Infra <1652012@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/438035
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=dc449dfd63c165cfa9c4600b82e5b392973a0e60
Submitter: Jenkins
Branch:    master

commit dc449dfd63c165cfa9c4600b82e5b392973a0e60
Author: Gage Hugo <gagehugo@xxxxxxxxx>
Date:   Fri Feb 24 12:26:41 2017 -0600

    Change is_admin_project to False by default
    
    Our token model code will return a default of True for
    is_admin_project if that attribute is not defined. The
    comment next to this says this is for backwards
    compatibility, but this seems inherently dangerous.
    
    Closes-Bug: #1652012
    
    Change-Id: I035fe570972764b9c9342d1851654634d681ac5e


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1652012

Title:
  token model assumes a token is is_admin_project

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Our token model code will return a default of True for
  is_admin_project if that attribute is not defined [0]. The comment
  next to this says this is for backward compatibility - but this seems
  inherently dangerous. We should investigate what changes are needed
  (if any) to make the default False.

  [0]
  https://github.com/openstack/keystone/blob/686f9d583eaa5f015d6b8b995c2f4243392ffbce/keystone/models/token_model.py#L195-L198

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1652012/+subscriptions