Reviewed: https://review.openstack.org/494049 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=058a23c0873723d5a4ffa8e99121f7b3b4485db5 Submitter: Jenkins Branch: master
commit 058a23c0873723d5a4ffa8e99121f7b3b4485db5 Author: Lance Bragstad <lbrags...@gmail.com> Date: Tue Aug 1 16:03:53 2017 +0000 Remove duplicate roles from federated auth We were using a one-liner to prune duplicate role references from a list of roles, but it didn't work in all cases. This reworks the logic to pass the existing test case. I also added a comment explaining why the logic we used previously doesn't work so we can hopefully avoid the pattern in the future. Change-Id: Id786d6463364ad8f4f02c22bb83221baac4b83d0 Closes-Bug: 1701324 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1701324 Title: Removing duplicated items doesn't work in case of federations Status in OpenStack Identity (keystone): Fix Released Bug description: In commit eed233cac8f34ce74a2f6fa989c484773c491df3 "Concrete role assignments for federated users" there was added handling of federation-related objects. In that implementation objects like roles, projects and domains were aggregated from 2 sources - from appropriate tables directly and from federation-related hooks. This mechanism can lead to situation when there's duplication of objects, so for such cases code for filtering out duplicates was added. It was impemented in the following way: domains = [dict(t) for t in set([tuple(d.items()) for d in domains])] where domains is a list of dicts, each of which contains information about appropriate domain. This code can work fine in some situations but in general can work in a wrong way because dict "items" method returns key-value pairs in arbitrary order according to https://docs.python.org/2/library/stdtypes.html#dict.items. So, this code may remain unchanged list of 2 similar dicts where items listed out in a different order. This code was introduced in upstream Thu Feb 25 21:39:15 2016, so it seems that this code remains in newton and ocata and master branch. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1701324/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp