Public bug reported: We currently forbid the ability of deleting the default domain [0] (or at least make it really hard to do so). There is nothing in the update domain flow that protects against disabling the default domain.
We should add the same check to prevent someone from accidentally disabling the default domain. Otherwise it just exposes the same behavior that we wanted to prevent in the first place. I was able to recreate this with these steps - http://cdn.pasteraw.com/38uku7bb83dt4prj6f66hc9ccuft0ew [0] https://github.com/openstack/keystone/blob/45c19fcd8c4cc382a7471432cd9f72b809e1d5b1/keystone/resource/core.py#L526-L532 ** Affects: keystone Importance: Undecided Status: New ** Description changed: We currently forbid the ability of deleting the default domain [0] (or at least make it really hard to do so). There is nothing in the update domain flow that protects against disabling the default domain. We should add the same check to prevent someone from accidentally disabling the default domain. Otherwise it just exposes the same behavior that we wanted to prevent in the first place. + I was able to recreate this with these steps - + http://cdn.pasteraw.com/38uku7bb83dt4prj6f66hc9ccuft0ew - [0] https://github.com/openstack/keystone/blob/45c19fcd8c4cc382a7471432cd9f72b809e1d5b1/keystone/resource/core.py#L526-L532 + [0] + https://github.com/openstack/keystone/blob/45c19fcd8c4cc382a7471432cd9f72b809e1d5b1/keystone/resource/core.py#L526-L532 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1522616 Title: It's possible to disable the default domain through domain update API Status in OpenStack Identity (keystone): New Bug description: We currently forbid the ability of deleting the default domain [0] (or at least make it really hard to do so). There is nothing in the update domain flow that protects against disabling the default domain. We should add the same check to prevent someone from accidentally disabling the default domain. Otherwise it just exposes the same behavior that we wanted to prevent in the first place. I was able to recreate this with these steps - http://cdn.pasteraw.com/38uku7bb83dt4prj6f66hc9ccuft0ew [0] https://github.com/openstack/keystone/blob/45c19fcd8c4cc382a7471432cd9f72b809e1d5b1/keystone/resource/core.py#L526-L532 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1522616/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
