OpenStack Identity (keystone)

  1. Bug #1414961
  2. Comment #2

Comment 2 for bug 1414961

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/151109
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ac928df1b92b35a7d07ce560a38cc848954ad0f1
Submitter: Jenkins
Branch: master

commit ac928df1b92b35a7d07ce560a38cc848954ad0f1
Author: zhiyuan_cai <email address hidden>
Date: Thu Jan 29 13:16:03 2015 +0800

    Fix evaluation logic of federation mapping rules

    In the evaluation of federation mapping rules, when "regex" is true,
    it's only checked that if the values from assertion match the values
    from mapping rules, and "any_one_of" and "not_any_of" options are
    bypassed. So if one specifies "regex: True" and "not_any_of" at the
    same time, he will got an unexpected result that assertion with values
    in "not_any_of" can pass the evaluation.

    The expected behaviour, when "regex" is true, should be matching values
    in assertion and mapping rules using regular expression, if match with
    "any_one_of" or not match with "not_any_of", pass the evaluation,
    otherwise fail the evaluation.

    Change-Id: Ic6969c6dc23cff3abce775711f9ed01ffdf8dcb1
    Closes-Bug: #1414961