keystone/keystone/api
Lance Bragstad 2d7bf10a5a Use app cred user ID in policy enforcement
The application credential policies use the `rule:owner` policy to allow
users to manage their own credentials. The policy engine pulled the
user_id attribute from the request path instead of the actual
application credential. This allowed for users to exploit the
enforcement and view or delete application credentials they don't own.

This commit attempts to resolve the issue by updating the flask
parameters before they're translated to policy arguments and target
data, prior to policy enforcement.

Change-Id: I903d20fa41270499ca1c39d296120dd97cef5405
Closes-Bug: 1901207
2020-11-11 11:01:20 -06:00
_shared Fix security issues with EC2 credentials 2020-05-02 12:34:20 -07:00
__init__.py Revert "Add API for /v3/access_rules_config" 2019-05-28 08:38:39 -07:00
auth.py NIT: Fix spelling 2020-03-06 12:52:15 +05:30
credentials.py Disable EC2 credentials access_id update 2020-05-19 17:35:05 +05:30
discovery.py Add expiring user group memberships on mapped authentication 2020-04-07 19:30:57 -04:00
domains.py Remove six usage 2020-01-30 06:06:51 +00:00
ec2tokens.py Remove six usage 2020-01-30 06:06:51 +00:00
endpoints.py Remove six usage 2020-01-30 06:06:51 +00:00
groups.py Remove six usage 2020-01-30 06:06:51 +00:00
limits.py Remove six usage 2020-01-30 06:06:51 +00:00
os_ep_filter.py Remove six usage 2020-01-30 06:06:51 +00:00
os_federation.py Expiring Group Memberships API - Allow set idp authorization_ttl 2020-04-09 01:59:58 +00:00
os_inherit.py Remove six usage 2020-01-30 06:06:51 +00:00
os_oauth1.py Remove six usage 2020-01-30 06:06:51 +00:00
os_revoke.py Move json_home "extension" rel functions 2018-08-16 20:49:01 +00:00
os_simple_cert.py Fix missing print format and missing ws between words 2019-08-06 08:29:34 +08:00
policy.py Remove six usage 2020-01-30 06:06:51 +00:00
projects.py Remove six usage 2020-01-30 06:06:51 +00:00
regions.py Remove six usage 2020-01-30 06:06:51 +00:00
registered_limits.py Remove six usage 2020-01-30 06:06:51 +00:00
role_assignments.py Fix validation of role assignment subtree list 2019-09-17 23:12:47 -07:00
role_inferences.py Update hacking for Python3 2020-04-15 07:17:58 +02:00
roles.py Remove six usage 2020-01-30 06:06:51 +00:00
s3tokens.py Remove six usage 2020-01-30 06:06:51 +00:00
services.py Remove six usage 2020-01-30 06:06:51 +00:00
system.py Remove six usage 2020-01-30 06:06:51 +00:00
trusts.py Remove six usage 2020-01-30 06:06:51 +00:00
users.py Use app cred user ID in policy enforcement 2020-11-11 11:01:20 -06:00