← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #74750

[Bug 1793027] Re: Flask doesn't normalize domains sanely in some cases

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.openstack.org/603239
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c96c7fd03b7afab033bcb31465390f46e56089c5
Submitter: Zuul
Branch:    master

commit c96c7fd03b7afab033bcb31465390f46e56089c5
Author: morgan fainberg <morgan.fainberg@xxxxxxxxx>
Date:   Mon Sep 17 14:59:08 2018 -0700

    Properly normalize domain ids in flask
    
    Previously domain_id normalization was done (in webob) resulting
    in possibly one of four results (ref['domain_id'] is changed):
    
      * Domain ID present in ref -> no change to ref
    
      * Domain ID not present, domain scoped token ->
        ref['domain_id'] = scope domain id
    
      * Domain ID not present, "admin" token -> raise ValidationError
    
      * Domain ID not present, project scoped token -> default domain
        [Deprecated functionality]
    
    In flask, only the first case worked. This change corrects the behavior
    and adds a test to ensure proper data is extracted from oslo.context.
    
    Change-Id: Iacb502a2aa3fe633f74c7e19e13c46f4f85e55db
    Closes-Bug: #1793027


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1793027

Title:
  Flask doesn't normalize domains sanely in some cases

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Under webob, domain normalization (for creation of some resources)
  resulted in a few possible options:

    * Domain ID present in ref -> no change to ref
    
    * Domain ID not present, domain scoped token ->
      ref['domain_id'] = scope domain id

    * Domain ID not present, "admin" token -> raise ValidationError

    * Domain ID not present, project scoped token -> default domain
      [Deprecated functionality]

  Under flask, only the first scenario worked. Keystone, Tempest, and
  Heat all only test for actual explicit domain id specified on creation
  (groups notably). Shade/SDK tests a broader form and caught this
  error[0][1] (reported by Monty Taylor)

  [0] http://logs.openstack.org/33/599533/1/gate/shade-functional-devstack-tips/0a92f9f/testr_results.html.gz
  [1] http://logs.openstack.org/33/599533/1/gate/shade-functional-devstack-tips/0a92f9f/controller/logs/screen-keystone.txt.gz?level=ERROR

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1793027/+subscriptions

References

  Thread PreviousDate PreviousThread Next