Public bug reported: The behaviour of this API is different if CONF.identity.domain_specific_drivers_enabled is set or not. If it is not set, then listing user shows for all domains. If it is set, even for SQL, only a single domain is listed.
The correct behavior would be to only list users for the domain extracted from the users tokens, regardless of the value set here. Otherwise, data leaks across domains. ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1356682 Title: GET /v3/users lists users in all domains Status in OpenStack Identity (Keystone): New Bug description: The behaviour of this API is different if CONF.identity.domain_specific_drivers_enabled is set or not. If it is not set, then listing user shows for all domains. If it is set, even for SQL, only a single domain is listed. The correct behavior would be to only list users for the domain extracted from the users tokens, regardless of the value set here. Otherwise, data leaks across domains. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1356682/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp