OpenStack Identity (keystone)

Federation mapping schema validation for "local" attributes could do better

Bug #1470718 reported by Julian Edwards on 2015-07-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Low	Fernando Diaz	OpenStack Identity (keystone) mitaka-3 "m3"

Bug Description

I was bitten just now by getting my local attributes slightly wrong and put the "type" key outside of the "user" block like this:

         "local": [
             {
                 "user": {
                     "name": "{0}",
                     "domain": {"id": "default"}
                 },
                 "type": "local"
             }
         ],

Whereas it should have been like this:

         "local": [
             {
                 "user": {
                     "name": "{0}",
                     "domain": {"id": "default"},
                     "type": "local"
                 }
             }
         ],

The end result was a validation error about not having a group. It would have taken me ~3 hours less of digging (thanks stevemar!) if the validation had pointed this error out.

Tags:

Deepti Ramakrishna (dramakri) on 2015-07-02

Changed in keystone:
assignee:	nobody → Deepti Ramakrishna (dramakri)

Dolph Mathews (dolph) on 2015-07-09

tags:	added: user-experience
Changed in keystone:
importance:	Undecided → Low
status:	New → Triaged
tags:	added: federation

Fernando Diaz (diazjf) on 2015-11-26

Changed in keystone:
assignee:	Deepti Ramakrishna (dramakri) → Fernando Diaz (diazjf)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-26: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/250162

Changed in keystone:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-01-23: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/250162
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cc2cfff50fd4c44cafb09c6882c905d931c123c8
Submitter: Jenkins
Branch: master

commit cc2cfff50fd4c44cafb09c6882c905d931c123c8
Author: Fernando Diaz <email address hidden>
Date: Thu Nov 26 00:00:57 2015 -0600

Strengthen Mapping Validation in Federation Mappings

    This patch allows for better validation of mappings. Only user,
    group, groups, and domain will be allowed as keys in the local
    level.

Change-Id: I490f0522829802968024a6ca1cb45c446c6a3e0f
Closes-Bug: #1470718

Changed in keystone:
status:	In Progress → Fix Released

Steve Martinelli (stevemar) on 2016-01-23

Changed in keystone:
milestone:	none → mitaka-3

Revision history for this message

Thierry Carrez (ttx) wrote on 2016-03-03: Fix included in openstack/keystone 9.0.0.0b3

This issue was fixed in the openstack/keystone 9.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.