OpenStack Identity (keystone)

Getting role for trust is double-protected

Bug #1421966 reported by Brant Knudson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Lin Hua Cheng
OpenStack Identity (keystone) 2015.1.0 "kilo"

Bug Description

The function for getting or checking a role for trust (GET/HEAD /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}) winds up being protected first by `get_role_for_trust` and then by `check_role_for_trust`. This is because get_role_for_trust winds up calling self.check_role_for_trust()[1]. There's actually no external route for "check_role_for_trust", so this policy target should be removed.

[1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/trust/controllers.py#n272

Lin Hua Cheng (lin-hua-cheng)
Changed in keystone:
assignee: nobody → Lin Hua Cheng (lin-hua-cheng)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/156763

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/156763
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6ecf99c779c3373acaa6650f15116abade1207f1
Submitter: Jenkins
Branch: master

commit 6ecf99c779c3373acaa6650f15116abade1207f1
Author: lin-hua-cheng <email address hidden>
Date: Tue Feb 17 12:46:38 2015 -0800

    Remove check_role_for_trust from sample policies

    The "identity:check_role_for_trust" was defined in the sample
    policy files but there is no actual mapping for it, so setting
    a value for this target has no effect. If or when the
    mapping gets added then this target must be added back in.

    Fixed the double protected call in "get_role_for_trust" by changing its
    call to a private unprotected version of "check_role_for_trust".

    Also, marking the public version of "check_role_for_trust" as deprecated
    for future cleanup.

    Change-Id: I1c2b1186e37e31eaf556f81db686cc362768a5ae
    Closes-Bug: #1421966

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → kilo-3
status: Fix Committed → Fix Released
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Low
Thierry Carrez (ttx)
Changed in keystone:
milestone: kilo-3 → 2015.1.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.