Public bug reported: The Keystone V2 API is not mean to be able to "see" any user, groups or projects outside of the default domain. APIs that list these entities are careful to filter out any that are in non-default-domains. However, if you know your entity ID we don't prevent you from doing direct lookup - i.e.. Get /users/<user_id> will work via the V2 API even if the user is out side of the default domain. The same is true for projects. Since the V2 API does not have the concept of groups, there is no issue in that case.
** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1516226 Title: Keystone V2 User API can access users outside of the default domain Status in OpenStack Identity (keystone): New Bug description: The Keystone V2 API is not mean to be able to "see" any user, groups or projects outside of the default domain. APIs that list these entities are careful to filter out any that are in non-default- domains. However, if you know your entity ID we don't prevent you from doing direct lookup - i.e.. Get /users/<user_id> will work via the V2 API even if the user is out side of the default domain. The same is true for projects. Since the V2 API does not have the concept of groups, there is no issue in that case. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1516226/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp