yahoo-eng-team team mailing list archive

[OpenStack Infra <1577558@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/311886
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0d376025bae61bf5ee19d992c7f336b99ac69240
Submitter: Jenkins
Branch:    master

commit 0d376025bae61bf5ee19d992c7f336b99ac69240
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Mon May 2 19:16:11 2016 +0000

    Fix fernet audit ids for v2.0
    
    The fernet token provider was doing some weird things with audit ids that
    caused token rescoping to not work because audit ids were never pulled from the
    original token. This commit also enables some tests for v2.0 authentication
    with the Fernet as the token provider.
    
    Closes-Bug: 1577558
    Change-Id: Iffbaf505ef50a6c6d97c5340645acb2f6fda7e0e


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1577558

Title:
  v2.0 fernet tokens audit ids are inconsistent

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  If you set the token provider to token.provider = fernet, get an
  unscoped token from v2.0, then rescope that token to a project, you'll
  notice the audit ids don't match. I've recreated this issue in a test
  [0].

  What should happen is that the unscoped token response will have a
  list of audit_ids containing a single audit_id. The project scoped
  token response from the unscoped token will also have a list of
  audit_ids in the token response but the original audit_id from the
  unscoped token will be in the list of the project scoped token.

  Right now this behavior doesn't exist in with the fernet provider on
  v2.0.

  
  [0] https://review.openstack.org/#/c/311816/1

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1577558/+subscriptions