← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1428949] [NEW] Fernet tokens do not support domain scopes

 

Public bug reported:

Attempting to get a domain-scoped token with the Fernet token provider
returns a token - everything appears to have worked. When validating
that token though, it appears to be unpacked as a project-scoped token,
which ultimately fails.

The short of it is that domain-scope support doesn't really exist yet,
and the current behavior will only work if the hierarchical multitenancy
effort successfully migrates domains to be projects.

** Affects: keystone
     Importance: High
     Assignee: Dolph Mathews (dolph)
         Status: Triaged


** Tags: fernet

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1428949

Title:
  Fernet tokens do not support domain scopes

Status in OpenStack Identity (Keystone):
  Triaged

Bug description:
  Attempting to get a domain-scoped token with the Fernet token provider
  returns a token - everything appears to have worked. When validating
  that token though, it appears to be unpacked as a project-scoped
  token, which ultimately fails.

  The short of it is that domain-scope support doesn't really exist yet,
  and the current behavior will only work if the hierarchical
  multitenancy effort successfully migrates domains to be projects.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1428949/+subscriptions


Follow ups

References