[Openstack-security] [Bug 1791973] Re: User cannot list their own trusts
Morgan Fainberg
morgan.fainberg at gmail.com
Fri Oct 26 16:36:50 UTC 2018
** Tags added: policy
--
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1791973
Title:
User cannot list their own trusts
Status in OpenStack Identity (keystone):
Triaged
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
Heat and Admin users both commonly create trusts for other users. But
any application is capable of doing this, as it requires only a scoped
token to create a trust, which users pass around regularly.
If I am concerned that some other application (or unauthorized user)
has created a trust with me as the trustor, I need to be able to
confirm this. If I cannot perform "trust list" and see the set of
trusts that have me as a trustor, I am not able to clear out spurious
ones. Thus, I would not be aware of any trusts set up in my name.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1791973/+subscriptions
More information about the Openstack-security
mailing list