yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1637682] Re: [api] scoped string defined as 'unscope: {}'

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Samriddhi <1637682@xxxxxxxxxxxxxxxxxx>
Date: Tue, 16 May 2017 19:36:35 -0000
Reply-to: Bug 1637682 <1637682@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: In Progress => Fix Released

** Changed in: keystoneauth
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1637682

Title:
  [api] scoped string defined as 'unscope: {}'

Status in OpenStack Identity (keystone):
  Fix Released
Status in keystoneauth:
  Fix Released

Bug description:
  keystoneauth1/identity/v3/base.py:
  ...
          elif self.unscoped:
              body['auth']['scope'] = {'unscoped': {}}
  ...

  According to Identity API v3 spec( http://developer.openstack.org/api-
  ref/identity/v3/index.html?expanded=password-authentication-with-
  unscoped-authorization-detail,password-authentication-with-scoped-
  authorization-detail ), there should be no '{'scope': {'unscoped':
  {}}' in 'auth'. For some keystone version which is strictly following
  the spec, it would be an security error, so the code slice should be
  deleted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1637682/+subscriptions