Public bug reported:
The behaviour of this API is different if
CONF.identity.domain_specific_drivers_enabled is set or not. If it is
not set, then listing user shows for all domains. If it is set, even
for SQL, only a single domain is listed.
The correct behavior would be to only list users for the domain
extracted from the users tokens, regardless of the value set here.
Otherwise, data leaks across domains.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1356682
Title:
GET /v3/users lists users in all domains
Status in OpenStack Identity (Keystone):
New
Bug description:
The behaviour of this API is different if
CONF.identity.domain_specific_drivers_enabled is set or not. If it is
not set, then listing user shows for all domains. If it is set, even
for SQL, only a single domain is listed.
The correct behavior would be to only list users for the domain
extracted from the users tokens, regardless of the value set here.
Otherwise, data leaks across domains.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1356682/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
