Identity token derived from RequestContext is missing domain info
Bug #1733898 reported by
Alan Bishop
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
castellan |
Fix Released
|
Undecided
|
Alan Bishop |
Bug Description
When the Barbican key manager creates an identity token derived from a
RequestContext, the context's project domain info isn't included. As a result,
subsequent keystone authentication will use the v2 auth plugin, even when the
request context supports v3.
See [1] for an example of how this can cause problems. In the example, the key
manager request fails because TripleO isn't enabling the keystone v2 endpoint.
Changed in barbican: | |
assignee: | nobody → Alan Bishop (alan-bishop) |
affects: | barbican → castellan |
Changed in castellan: | |
status: | New → Fix Released |
To post a comment you must log in.
This issue was fixed in the openstack/castellan 0.15.1 release.