Federation mapping schema validation for "local" attributes could do better

Bug #1470718 reported by Julian Edwards
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Fernando Diaz

Bug Description

I was bitten just now by getting my local attributes slightly wrong and put the "type" key outside of the "user" block like this:

         "local": [
             {
                 "user": {
                     "name": "{0}",
                     "domain": {"id": "default"}
                 },
                 "type": "local"
             }
         ],

Whereas it should have been like this:

         "local": [
             {
                 "user": {
                     "name": "{0}",
                     "domain": {"id": "default"},
                     "type": "local"
                 }
             }
         ],

The end result was a validation error about not having a group. It would have taken me ~3 hours less of digging (thanks stevemar!) if the validation had pointed this error out.

Changed in keystone:
assignee: nobody → Deepti Ramakrishna (dramakri)
Dolph Mathews (dolph)
tags: added: user-experience
Changed in keystone:
importance: Undecided → Low
status: New → Triaged
tags: added: federation
Fernando Diaz (diazjf)
Changed in keystone:
assignee: Deepti Ramakrishna (dramakri) → Fernando Diaz (diazjf)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/250162

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/250162
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cc2cfff50fd4c44cafb09c6882c905d931c123c8
Submitter: Jenkins
Branch: master

commit cc2cfff50fd4c44cafb09c6882c905d931c123c8
Author: Fernando Diaz <email address hidden>
Date: Thu Nov 26 00:00:57 2015 -0600

    Strengthen Mapping Validation in Federation Mappings

    This patch allows for better validation of mappings. Only user,
    group, groups, and domain will be allowed as keys in the local
    level.

    Change-Id: I490f0522829802968024a6ca1cb45c446c6a3e0f
    Closes-Bug: #1470718

Changed in keystone:
status: In Progress → Fix Released
Changed in keystone:
milestone: none → mitaka-3
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/keystone 9.0.0.0b3

This issue was fixed in the openstack/keystone 9.0.0.0b3 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.