8fcc18c42b
The v2 token controller incorrectly checks for a string instead of a boolean, which results in the wrong user ID (trustee, when it should be the trustor) when impersonation=True. So fix the comparison and tests, adding a test which illustrates the issue. This patchset also closes the gap that allows EC2 credentials to be issued from trust-scoped tokens, allowing privilege escalation since EC2 tokens have no concept of trust-scoping/role restrictions in the Grizzly release. Change-Id: Ic94f30f2354c9fda20531bb598387368fde8a096 Closes-Bug: #1239303 Related-Bug: #1242597 |
||
|---|---|---|
| .. | ||
| access | ||
| admin_crud | ||
| ec2 | ||
| s3 | ||
| stats | ||
| user_crud | ||
| __init__.py | ||