** Changed in: keystone
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1434653
Title:
Empty mappring engine white/black lists should be treated differently
than lack of them.
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
Keystone mapping engine should correctly distinguish between empty
black/whitelists and lack of them in the mapping rules.
Today, a mapping rule with
{
"local": [....],
"remote: [
{
"type": "x"
"whitelist: []
}
]
}
will pass all the values conveyed under the parameter "x", whereas it should
block (whitelist 0 elements) all the elements.
Since mapping engine rules engine about groups/roles assigned to the user
it's extremely important to make the rules logic as strict as possible.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1434653/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
