Identity token derived from RequestContext is missing domain info

Bug #1733898 reported by Alan Bishop on 2017-11-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
castellan
Undecided
Alan Bishop

Bug Description

When the Barbican key manager creates an identity token derived from a
RequestContext, the context's project domain info isn't included. As a result,
subsequent keystone authentication will use the v2 auth plugin, even when the
request context supports v3.

See [1] for an example of how this can cause problems. In the example, the key
manager request fails because TripleO isn't enabling the keystone v2 endpoint.

[1] http://logs.openstack.org/28/499928/19/check/tripleo-ci-centos-7-scenario002-multinode-oooq-container/2c6efb2/logs/subnode-2/var/log/containers/cinder/cinder-api.log.txt.gz#_2017-11-20_21_22_08_372

Changed in barbican:
assignee: nobody → Alan Bishop (alan-bishop)

This issue was fixed in the openstack/castellan 0.15.1 release.

Jeremy Liu (liujiong) on 2017-12-20
affects: barbican → castellan
Changed in castellan:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers