Description of problem:
You can call Tuskar REST API without passing a token in the header. It doesn't require any authentication by default.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. For example: curl http://localhost:8585/v2/plans/7c796d61-cc8e-4c33-ae78-cb84b92a2a6f | python -m json.tool
Result is returned even though the query contained no authentication of any kind.
You'd expect this API call to be rejected.
jdob has an upstream fix for this (was just not enabled) @ https://review.openstack.org/#/c/182027/
Garth, Can you review this?
*** Bug 1235193 has been marked as a duplicate of this bug. ***
Marking Modified for now since we pulled these from the latest build.
Verified in openstack-tuskar-0.4.18-3.el7ost.noarch
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.