Public bug reported:
Updating ec2 credential blob field via "openstack credential update"
allows to update the EC2 credential access ID. Considering that EC2
credential access ID is used to calculate an ID of the "credential"
(https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/users.py#L363,
https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/common/utils.py#L101),
the update action doesn't update the actual credential ID using a new
access ID sha256sum. It can lead to orphaned ec2 credentials in the
database.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1872753
Title:
Updating EC2 credential blob can lead to a ec2 credential id /
credential id mismatch
Status in OpenStack Identity (keystone):
New
Bug description:
Updating ec2 credential blob field via "openstack credential update"
allows to update the EC2 credential access ID. Considering that EC2
credential access ID is used to calculate an ID of the "credential"
(https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/users.py#L363,
https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/common/utils.py#L101),
the update action doesn't update the actual credential ID using a new
access ID sha256sum. It can lead to orphaned ec2 credentials in the
database.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1872753/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
