yahoo-eng-team team mailing list archive

[Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>]

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1347318

Title:
  Revocation events don't handle scoped tokens correctly

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone icehouse series:
  Fix Released

Bug description:
  
  Revoking a scoped token isn't handled correctly. If a scoped token is gotten from an unscoped token and the unscoped token is revoked, the scoped token should remain valid. Horizon uses this pattern.

  We've got a test for this in tempest, but because of another bug
  related to revocation events and MySQL
  (https://bugs.launchpad.net/keystone/+bug/1347961) and tempest is
  testing with MySQL, the tempest test didn't catch it.

  When running with DB2 10.5, sqlalchemy-migrate 0.9.1 and sqlalchemy
  0.8.4 on RHEL 6.5, seeing failures with the
  tempest.api.identity.admin.v3.test_tokens.TokensV3TestJSON.test_rescope_token
  (and xml) tests like this:

  Traceback (most recent call last):\n  File
  "/tmp/tempest/tempest/tempest/api/identity/admin/v3/test_tokens.py",
  line 145, in test_rescope_token\n    domain=\'Default\')\n  File
  "/tmp/tempest/tempest/tempest/services/identity/v3/json/identity_client.py",
  line 579, in auth\n    resp, body = self.post(self.auth_url,
  body=body)\n  File
  "/tmp/tempest/tempest/tempest/common/rest_client.py", line 218, in
  post\n    return self.request(\'POST\', url, extra_headers, headers,
  body)\n  File
  "/tmp/tempest/tempest/tempest/services/identity/v3/json/identity_client.py",
  line 605, in request\n    \'Unexpected status code
  {0}\'.format(resp.status))\nIdentityError: Got identity
  error\nDetails: Unexpected status code 404

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1347318/+subscriptions