** Changed in: keystone Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1434653
Title: Empty mappring engine white/black lists should be treated differently than lack of them. Status in OpenStack Identity (Keystone): Fix Released Bug description: Keystone mapping engine should correctly distinguish between empty black/whitelists and lack of them in the mapping rules. Today, a mapping rule with { "local": [....], "remote: [ { "type": "x" "whitelist: [] } ] } will pass all the values conveyed under the parameter "x", whereas it should block (whitelist 0 elements) all the elements. Since mapping engine rules engine about groups/roles assigned to the user it's extremely important to make the rules logic as strict as possible. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1434653/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp