openstack
/
keystone
Code Issues Proposed changes
keystone/keystone
History
Boris Bobrov 05a129e545 Do not fetch group assignments without groups 
Without the change, the method fetched all assignments for a project
or domain, regardless of who has the assignment, user or group. This
led to situation when federated user without groups could scope a token
with other user's rules.

Return empty list of assignments if no groups were passed.

Closes-Bug: 1677723
Change-Id: I65f5be915bef2f979e70b043bde27064e970349d
(cherry picked from commit 2139639eea)
 		2017-04-25 14:22:47 +00:00
..
assignment Do not fetch group assignments without groups 2017-04-25 14:22:47 +00:00
auth Relax the requirement for mappings to result in group memberships 2016-09-01 03:24:27 +00:00
catalog Replace six iteration methods with standard ones 2016-09-08 18:56:31 +08:00
cmd Make bootstrap idempotent when it needs to be 2016-12-08 22:30:48 +00:00
common Fixes password created_at errors due to the server_default 2016-09-16 23:57:45 +00:00
conf Support nested groups in Active Directory 2016-11-11 03:06:46 +00:00
contrib Remove unnecessary __init__ 2016-08-24 10:00:05 +08:00
credential Log warning if null key is used for encryption 2016-09-07 18:38:49 +00:00
endpoint_policy Replace keystone.common.config with keystone.conf package 2016-06-24 17:02:15 +00:00
federation Catch potential SyntaxError in federation mapping 2017-01-26 15:56:18 +00:00
identity Support nested groups in Active Directory 2016-11-11 03:06:46 +00:00
locale Imported Translations from Zanata 2016-12-13 06:43:07 +00:00
middleware Allow compatibility with keystonemiddleware 4.0.0 2016-09-14 13:56:34 +00:00
models Make returning is_domain conditional 2016-10-04 23:26:00 -05:00
oauth1 Update `href` for keystone extensions 2016-08-22 11:09:43 +08:00
policy Replace OpenStack LLC with OpenStack Foundation 2016-07-22 15:10:35 +05:30
resource TrivialFix: Merge imports in code 2016-09-12 18:05:07 +07:00
revoke Distributed cache namespace to invalidate regions 2016-08-29 16:38:55 +00:00
server Implement encryption of credentials at rest 2016-09-02 04:25:49 +00:00
tests Do not fetch group assignments without groups 2017-04-25 14:22:47 +00:00
token Merge "Consistently round down timestamps" 2016-09-14 04:23:44 +00:00
trust Trust controller refactoring 2016-08-04 18:49:32 +03:00
v2_crud Pass request to v2 token authenticate 2016-07-15 13:33:39 +10:00
version Report v2.0 as deprecated in version discovery 2016-08-04 23:59:38 +03:00
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py Project domain must match role domain for assignment 2016-09-07 11:43:53 -07:00
i18n.py Change oslo.i18n to oslo_i18n 2015-02-09 18:10:07 -06:00
notifications.py Pass request to v2 token authenticate 2016-07-15 13:33:39 +10:00
service.py Create a version package 2015-10-12 23:59:16 +00:00