Reviewed: https://review.openstack.org/311886 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=0d376025bae61bf5ee19d992c7f336b99ac69240 Submitter: Jenkins Branch: master
commit 0d376025bae61bf5ee19d992c7f336b99ac69240 Author: Lance Bragstad <[email protected]> Date: Mon May 2 19:16:11 2016 +0000 Fix fernet audit ids for v2.0 The fernet token provider was doing some weird things with audit ids that caused token rescoping to not work because audit ids were never pulled from the original token. This commit also enables some tests for v2.0 authentication with the Fernet as the token provider. Closes-Bug: 1577558 Change-Id: Iffbaf505ef50a6c6d97c5340645acb2f6fda7e0e ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1577558 Title: v2.0 fernet tokens audit ids are inconsistent Status in OpenStack Identity (keystone): Fix Released Bug description: If you set the token provider to token.provider = fernet, get an unscoped token from v2.0, then rescope that token to a project, you'll notice the audit ids don't match. I've recreated this issue in a test [0]. What should happen is that the unscoped token response will have a list of audit_ids containing a single audit_id. The project scoped token response from the unscoped token will also have a list of audit_ids in the token response but the original audit_id from the unscoped token will be in the list of the project scoped token. Right now this behavior doesn't exist in with the fernet provider on v2.0. [0] https://review.openstack.org/#/c/311816/1 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1577558/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp

