AdminURL should not be returned on ServiceAPI
Bug #843057 reported by
klmitch
This bug report is a duplicate of:
Bug #854104: add ability to obscure internal and admin endpoints from standard users.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Confirmed
|
High
|
Unassigned |
Bug Description
AdminURL is sensitive information. I think it should not be exposed on the ServiceAPI. But then how do we discover it? So maybe the solution is to only return it if the token provided is an admin token...
To post a comment you must log in.
New feature in API (bug in current implementation)