yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1347318] Re: Revocation events don't handle scoped tokens correctly

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Alan Pevec <1347318@xxxxxxxxxxxxxxxxxx>
Date: Wed, 06 Aug 2014 23:05:15 -0000
Reply-to: Bug 1347318 <1347318@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: keystone/icehouse
   Importance: Undecided
       Status: New

** Changed in: keystone/icehouse
   Importance: Undecided => High

** Changed in: keystone/icehouse
       Status: New => In Progress

** Changed in: keystone/icehouse
     Assignee: (unassigned) => Brant Knudson (blk-u)

** Changed in: keystone/icehouse
    Milestone: None => 2014.1.2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1347318

Title:
  Revocation events don't handle scoped tokens correctly

Status in OpenStack Identity (Keystone):
  Fix Committed
Status in Keystone icehouse series:
  In Progress

Bug description:
  
  Revoking a scoped token isn't handled correctly. If a scoped token is gotten from an unscoped token and the unscoped token is revoked, the scoped token should remain valid. Horizon uses this pattern.

  We've got a test for this in tempest, but because of another bug
  related to revocation events and MySQL
  (https://bugs.launchpad.net/keystone/+bug/1347961) and tempest is
  testing with MySQL, the tempest test didn't catch it.

  When running with DB2 10.5, sqlalchemy-migrate 0.9.1 and sqlalchemy
  0.8.4 on RHEL 6.5, seeing failures with the
  tempest.api.identity.admin.v3.test_tokens.TokensV3TestJSON.test_rescope_token
  (and xml) tests like this:

  Traceback (most recent call last):\n  File
  "/tmp/tempest/tempest/tempest/api/identity/admin/v3/test_tokens.py",
  line 145, in test_rescope_token\n    domain=\'Default\')\n  File
  "/tmp/tempest/tempest/tempest/services/identity/v3/json/identity_client.py",
  line 579, in auth\n    resp, body = self.post(self.auth_url,
  body=body)\n  File
  "/tmp/tempest/tempest/tempest/common/rest_client.py", line 218, in
  post\n    return self.request(\'POST\', url, extra_headers, headers,
  body)\n  File
  "/tmp/tempest/tempest/tempest/services/identity/v3/json/identity_client.py",
  line 605, in request\n    \'Unexpected status code
  {0}\'.format(resp.status))\nIdentityError: Got identity
  error\nDetails: Unexpected status code 404

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1347318/+subscriptions

References

[Bug 1347318] [NEW] tempest.api.identity.admin.v3.test_tokens.TokensV3TestJSON.test_rescope_token race fails with DB2
From: Matt Riedemann, 2014-07-23