yahoo-eng-team team mailing list archive

[kay <1872753@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Updating ec2 credential blob field via "openstack credential update"
allows to update the EC2 credential access ID. Considering that EC2
credential access ID is used to calculate an ID of the "credential"
(https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/users.py#L363,
https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/common/utils.py#L101),
the update action doesn't update the actual credential ID using a new
access ID sha256sum. It can lead to orphaned ec2 credentials in the
database.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1872753

Title:
  Updating EC2 credential blob can lead to a ec2 credential id /
  credential id mismatch

Status in OpenStack Identity (keystone):
  New

Bug description:
  Updating ec2 credential blob field via "openstack credential update"
  allows to update the EC2 credential access ID. Considering that EC2
  credential access ID is used to calculate an ID of the "credential"
  (https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/users.py#L363,
  https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/common/utils.py#L101),
  the update action doesn't update the actual credential ID using a new
  access ID sha256sum. It can lead to orphaned ec2 credentials in the
  database.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1872753/+subscriptions