OpenStack Identity (keystone)

  1. Bug #1129713
  2. Comment #11

Comment 11 for bug 1129713

Revision history for this message
Dolph Mathews (dolph) wrote : Re: Validation of PKI tokens bypasses revocation check

Eek, I didn't consider that it was a regular old assert -- use of the assert keyword should be removed in favor of a condition:

  if belongs_to and data['tenant']['id'] != belongs_to:
    raise exceptions.Unauthorized('Token does not belong to specified tenant.')

(asserts are removed with compile-time optimization and wouldn't raise a useful error to the API)