castellan

Identity token derived from RequestContext is missing domain info

Bug #1733898 reported by Alan Bishop
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
castellan
Fix Released
Undecided
Alan Bishop

Bug Description

When the Barbican key manager creates an identity token derived from a
RequestContext, the context's project domain info isn't included. As a result,
subsequent keystone authentication will use the v2 auth plugin, even when the
request context supports v3.

See [1] for an example of how this can cause problems. In the example, the key
manager request fails because TripleO isn't enabling the keystone v2 endpoint.

[1] http://logs.openstack.org/28/499928/19/check/tripleo-ci-centos-7-scenario002-multinode-oooq-container/2c6efb2/logs/subnode-2/var/log/containers/cinder/cinder-api.log.txt.gz#_2017-11-20_21_22_08_372

Alan Bishop (alan-bishop)
Changed in barbican:
assignee: nobody → Alan Bishop (alan-bishop)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/castellan 0.15.1

This issue was fixed in the openstack/castellan 0.15.1 release.

Jeremy Liu (liujiong)
affects: barbican → castellan
Changed in castellan:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.