8fcc18c42b
The v2 token controller incorrectly checks for a string instead of a boolean, which results in the wrong user ID (trustee, when it should be the trustor) when impersonation=True. So fix the comparison and tests, adding a test which illustrates the issue. This patchset also closes the gap that allows EC2 credentials to be issued from trust-scoped tokens, allowing privilege escalation since EC2 tokens have no concept of trust-scoping/role restrictions in the Grizzly release. Change-Id: Ic94f30f2354c9fda20531bb598387368fde8a096 Closes-Bug: #1239303 Related-Bug: #1242597 |
||
---|---|---|
.. | ||
access | ||
admin_crud | ||
ec2 | ||
s3 | ||
stats | ||
user_crud | ||
__init__.py |