yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1627085] Re: The belongsTo query parameters for v2.0 is broken

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1627085@xxxxxxxxxxxxxxxxxx>
Date: Sat, 24 Sep 2016 05:19:07 -0000
Reply-to: Bug 1627085 <1627085@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/375097
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7f3f5963518c2b3da16911bee696ceee15de8d58
Submitter: Jenkins
Branch:    master

commit 7f3f5963518c2b3da16911bee696ceee15de8d58
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Thu Sep 22 20:29:46 2016 +0000

    Fix the belongsTo query parameter
    
    The belongsTo query parameter is only supported by the v2.0
    token validation API. It would check the ID of the project passed
    to the belongsTo parameter against the project a token was scoped to.
    
    This commit corrects the implementation, tests, and adds
    documentation. It also moves the check to keystone.token.controller
    since belongsTo is a v2-ism and doesn't belong in the
    keystone.token.provider.
    
    Closes-Bug: 1627085
    Closes-Bug: 1626794
    Change-Id: I4a06a498112b81093d7e5ef3142bb1e2d0f78138


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1627085

Title:
  The belongsTo query parameters for v2.0 is broken

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Apparently the v2.0 API has a query parameter that allows you to check
  if a token belongs to a tenant by passing the tenant name in the query
  parameter. Out tests ensure that the functionality is broken [0].

  The assertion in the test assumes that you can pass the tenant name -
  but the actual implementation of belongsTo checks for the tenant ID
  [1]. The implementation needs to be fixed to compare tenant names or
  the tests need to be refactored to pass the tenant ID.

  
  [0] https://github.com/openstack/keystone/blob/dc9a1d5f7061f2de6b75a79ad3133d9e3c14046a/keystone/tests/unit/test_auth.py#L419-L439
  [1] https://github.com/openstack/keystone/blob/dc9a1d5f7061f2de6b75a79ad3133d9e3c14046a/keystone/token/provider.py#L354-L365

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1627085/+subscriptions

References

[Bug 1627085] [NEW] The belongsTo query parameters for v2.0 is broken
From: Lance Bragstad, 2016-09-23