Reviewed: https://review.openstack.org/265002
Committed:
https://git.openstack.org/cgit/openstack/keystone/commit/?id=c75f39f3d6e4a2caa37322adcf2e296ec7c573c8
Submitter: Jenkins
Branch: master
commit c75f39f3d6e4a2caa37322adcf2e296ec7c573c8
Author: Morgan Fainberg <morgan.fainb...@gmail.com>
Date: Thu Jan 7 15:18:03 2016 -0800
Revert "Validate domain ownership for v2 tokens"
This reverts commit c4723550aa95be403ff591dd132c9024549eff10.
This revert is being proposed as it breaks behavior that real-world
deployments rely on. The deployments requested the V2 token with
user_id and tenantId and then used the V2 token for the
non-default-domain user to access swift.
While the deployment is being encouraged to fix their code to use V3,
this is behavior that was supported and used.
This revert was done by hand due to the volume of change that has
occured to the tests since the original patch landed.
Conflicts (a lot of test refactoring):
keystone/tests/unit/test_v3_assignment.py
keystone/tests/unit/test_v3_auth.py
keystone/tests/unit/test_v3_identity.py
Change-Id: I4a303a5fcc8c2dacef5960e9e26ad9402f34a790
Closes-Bug: 1527759
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1527759
Title:
Default domain no longer lets keystone tenant-list work
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
We recently upgraded from kilo.0 to kilo.2 in our dev environment and
noticed that keystone tenant-list is always failing for the admin
user.
Our config is as follows default domain is tied to read-only ldap
(AD), a heat domain is created to use for trusts to handle the created
heatstack users/passwords. Under kilo.0 everything was happy. Under
kilo0.2 we get the following error:
keystone tenant-list
The request you have made requires authentication. (HTTP 401) (Request-ID:
req-d30289f0-778d-4577-8150-7ddd5438ad9c)
The main error message is:
2015-12-16 17:07:36.493 20386 WARNING keystone.common.wsgi [-] Authorization
failed. Non-default domain is not supported (Disable debug mode to suppress
these details.) (Disable debug mode to suppress these details.) from
10.224.48.132
Looking at the differences between kilo.0 and kilo.2 it seems like:
https://github.com/openstack/keystone/commit/9dfad21201251364c6d205e8e79813bfe78e6107
is the most likely culprit for this regression. However, I have not
yet been able to test if reverting that change fixes the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1527759/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
