
yahoo-eng-team team mailing list archive

[Bug 1645908] [NEW] Domain id reference for federated users fails in keystone middleware

 

Public bug reported:

Version: Keystone Mitaka

Keystone middleware expects the domain id field to be set for a user.
For federated users, the domain id is set to None and hence causes an
error during autoscaling of a Heat stack created by an SSO user.

Had to modify the _populate_user() function in
keystone/token/providers/common.py to set a dummy domain id for
federated users as below to fix this issue:

        # Fix: domain id for federated users is None, so send dummy value.
        # Added is_local user attribute to distinguish local and federated users.
        if user_ref.get('is_local'):
            domain = self._get_filtered_domain(user_ref['domain_id'])
        else:
            domain = {
                'id': CONF.federation.federated_domain_name,
                'name': CONF.federation.federated_domain_name,
            }
        # end

Wondering if this is the right way to resolve the domain reference issue
for SSO.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1645908

Title:
  Domain id reference for federated users fails in keystone middleware

Status in OpenStack Identity (keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1645908/+subscriptions
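
A simplified model of the failure described in the report and of the reporter's workaround, added here as an illustration; it is not keystone or keystonemiddleware code. All function names, the sample users and the "Federated" value (a stand-in for CONF.federation.federated_domain_name) are assumptions, and the collision guard is an added check that the report does not contain.

```python
# Simplified model of the behaviour in the report; all names are hypothetical
# and none of this is keystone or keystonemiddleware code.
FEDERATED_DOMAIN_NAME = "Federated"  # stand-in for CONF.federation.federated_domain_name
DOMAINS = {"default": {"id": "default", "name": "Default"}}  # constructed sample data


def populate_user(user_ref, workaround=False):
    """Build the 'user' part of a token body from a user reference."""
    if workaround and not user_ref.get("is_local"):
        # Reporter's change: placeholder domain for federated users.
        # Added guard (not in the report): refuse a placeholder that
        # matches the id of a real domain, so the two are never conflated.
        if FEDERATED_DOMAIN_NAME in DOMAINS:
            raise RuntimeError("placeholder domain id collides with a real domain")
        domain = {"id": FEDERATED_DOMAIN_NAME, "name": FEDERATED_DOMAIN_NAME}
    else:
        # Original behaviour: look the domain up by id; None yields no domain.
        domain = DOMAINS.get(user_ref.get("domain_id"))
    return {"id": user_ref["id"], "name": user_ref["name"], "domain": domain}


def user_domain_id(token_user):
    """Consumer side: read the user's domain id, as a service that expects it would."""
    domain = token_user.get("domain")
    if not domain or domain.get("id") is None:
        raise ValueError("user %s has no domain id" % token_user["id"])
    return domain["id"]


def check(user_ref, workaround):
    """Return the domain id the consumer sees, or the error text."""
    try:
        return user_domain_id(populate_user(user_ref, workaround))
    except ValueError as exc:
        return "error: %s" % exc


# Constructed sample users.
LOCAL = {"id": "u1", "name": "alice", "domain_id": "default", "is_local": True}
FEDERATED = {"id": "u2", "name": "bob@idp", "domain_id": None}

if __name__ == "__main__":
    for ref in (LOCAL, FEDERATED):
        for workaround in (False, True):
            print(ref["name"], workaround, check(ref, workaround))
```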

