yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1555403] Re: mapping no longer allows 'type' attribute in 'user' object

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1555403@xxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Mar 2016 19:22:32 -0000
Reply-to: Bug 1555403 <1555403@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/291004
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=f82fa39834f0283c31f0f1a7b08369c1534d539a
Submitter: Jenkins
Branch:    master

commit f82fa39834f0283c31f0f1a7b08369c1534d539a
Author: guang-yee <guang.yee@xxxxxxx>
Date:   Wed Mar 9 22:02:38 2016 -0800

    Fixing mapping schema to allow local user
    
    Mapping to local user was broken since we introduced JSON schema for
    mapping. That was because we've never accounted for the "type" attribute
    in the "user" object. This patch add it back so that we can map a
    remote user to either a local or ephemeral user.
    
    Closes-Bug: 1555403
    
    Change-Id: I7ae69b143e1bdade3e8ea9e2036227c7a38b3b10


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1555403

Title:
  mapping no longer allows 'type' attribute in 'user' object

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  For federation, we no longer able to map a remote user to a local user
  because the JSON schema does not allow the "type" attributes in the
  user object. This is a legit attribute and must be set to "local" in
  order to be able to map to a local user.

  To reproduce the problem:

    1. install devstack or do a fresh clone of Keystone
    2. save the following to test.json file

     [
               {
                   "local": [
                       {
                          "user": {
                              "name": "{0}",
                              "domain": {
                                  "name": "{1}"
                              },
                              "type": "local"
                          }
                       }
                  ],
                  "remote": [
                      {
                          "type": "SOMETHING"
                      },
                      {
                          "type": "STUFF"
                      }
                  ]
              }
          ]

    3.  $openstack --os-identity-api-version 3 --os-auth-url http://localhost:35357/v3 --os-username admin --os-user-domain-id default --os-project-name admin --os-project-domain-id default --os-password secrete mapping create --rules test.json test
  Additional properties are not allowed (u'type' was unexpected)
   (HTTP 400) (Request-ID: req-7da918c4-8519-412c-bbda-fb4b29a02505)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1555403/+subscriptions

References

[Bug 1555403] [NEW] mapping no longer allows 'type' attribute in 'user' object
From: Guang Yee, 2016-03-10