yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1555403] [NEW] mapping no longer allows 'type' attribute in 'user' object

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Guang Yee <1555403@xxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Mar 2016 01:43:35 -0000
Reply-to: Bug 1555403 <1555403@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

For federation, we no longer able to map a remote user to a local user
because the JSON schema does not allow the "type" attributes in the user
object. This is a legit attribute and must be set to "local" in order to
be able to map to a local user.

To reproduce the problem:

  1. install devstack or do a fresh clone of Keystone
  2. save the following to test.json file

   [
             {
                 "local": [
                     {
                        "user": {
                            "name": "{0}",
                            "domain": {
                                "name": "{1}"
                            },
                            "type": "local"
                        }
                     }
                ],
                "remote": [
                    {
                        "type": "SOMETHING"
                    },
                    {
                        "type": "STUFF"
                    }
                ]
            }
        ]

  3.  $openstack --os-identity-api-version 3 --os-auth-url http://localhost:35357/v3 --os-username admin --os-user-domain-id default --os-project-name admin --os-project-domain-id default --os-password secrete mapping create --rules test.json test
Additional properties are not allowed (u'type' was unexpected)
 (HTTP 400) (Request-ID: req-7da918c4-8519-412c-bbda-fb4b29a02505)

** Affects: keystone
     Importance: Critical
         Status: New

** Changed in: keystone
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1555403

Title:
  mapping no longer allows 'type' attribute in 'user' object

Status in OpenStack Identity (keystone):
  New

Bug description:
  For federation, we no longer able to map a remote user to a local user
  because the JSON schema does not allow the "type" attributes in the
  user object. This is a legit attribute and must be set to "local" in
  order to be able to map to a local user.

  To reproduce the problem:

    1. install devstack or do a fresh clone of Keystone
    2. save the following to test.json file

     [
               {
                   "local": [
                       {
                          "user": {
                              "name": "{0}",
                              "domain": {
                                  "name": "{1}"
                              },
                              "type": "local"
                          }
                       }
                  ],
                  "remote": [
                      {
                          "type": "SOMETHING"
                      },
                      {
                          "type": "STUFF"
                      }
                  ]
              }
          ]

    3.  $openstack --os-identity-api-version 3 --os-auth-url http://localhost:35357/v3 --os-username admin --os-user-domain-id default --os-project-name admin --os-project-domain-id default --os-password secrete mapping create --rules test.json test
  Additional properties are not allowed (u'type' was unexpected)
   (HTTP 400) (Request-ID: req-7da918c4-8519-412c-bbda-fb4b29a02505)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1555403/+subscriptions

Follow ups

[Bug 1555403] Re: mapping no longer allows 'type' attribute in 'user' object
From: OpenStack Infra, 2016-03-10