Public bug reported: Updating ec2 credential blob field via "openstack credential update" allows to update the EC2 credential access ID. Considering that EC2 credential access ID is used to calculate an ID of the "credential" (https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/users.py#L363, https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/common/utils.py#L101), the update action doesn't update the actual credential ID using a new access ID sha256sum. It can lead to orphaned ec2 credentials in the database.
** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1872753 Title: Updating EC2 credential blob can lead to a ec2 credential id / credential id mismatch Status in OpenStack Identity (keystone): New Bug description: Updating ec2 credential blob field via "openstack credential update" allows to update the EC2 credential access ID. Considering that EC2 credential access ID is used to calculate an ID of the "credential" (https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/api/users.py#L363, https://github.com/openstack/keystone/blob/7bb6314e40d6947294260324e84a58de191f8609/keystone/common/utils.py#L101), the update action doesn't update the actual credential ID using a new access ID sha256sum. It can lead to orphaned ec2 credentials in the database. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1872753/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp