Enforce scope mutual exclusion for system
we already fail when mutliple scope identifiers are provided, however not when system scope is involved. As a result of the undocumented priority of checks, when system scope is specified together with any other scope, that other scope will silently be used. Change-Id: I120ed63f6c1262d067eeb6168feab35278cacf6a
This commit is contained in:
parent
11faa0e67d
commit
ae646f8d37
|
@ -137,13 +137,14 @@ class Auth(BaseAuth):
|
|||
mutual_exclusion = [bool(self.domain_id or self.domain_name),
|
||||
bool(self.project_id or self.project_name),
|
||||
bool(self.trust_id),
|
||||
bool(self.system_scope),
|
||||
bool(self.unscoped)]
|
||||
|
||||
if sum(mutual_exclusion) > 1:
|
||||
raise exceptions.AuthorizationFailure(
|
||||
message='Authentication cannot be scoped to multiple'
|
||||
' targets. Pick one of: project, domain, '
|
||||
'trust or unscoped')
|
||||
'trust, system or unscoped')
|
||||
|
||||
if self.domain_id:
|
||||
body['auth']['scope'] = {'domain': {'id': self.domain_id}}
|
||||
|
|
Loading…
Reference in New Issue