Bug 1102303
Summary: | Multiple domain scopes interfere with each other | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Brenton Leanhardt <bleanhar> |
Component: | Node | Assignee: | Luke Meyer <lmeyer> |
Status: | CLOSED ERRATA | QA Contact: | libra bugs <libra-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1.0 | CC: | adellape, cryan, jialiu, jliggitt, jokerman, libra-onpremise-devel, mmccomas, yanpzhan |
Target Milestone: | --- | Keywords: | Upstream |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | rubygem-openshift-origin-controller-1.23.10.2-1.el6op | Doc Type: | Bug Fix |
Doc Text: |
If an authorization token was created containing scopes for multiple domains, it was possible for the domain scopes to interfere with each other and cause queries using the token to not return the full list of authorized applications. This bug fix adds logic to ensure that queries are accurately returned when using authorization tokens with multiple domain scopes.
|
Story Points: | --- |
Clone Of: | 1102273 | Environment: | |
Last Closed: | 2014-06-23 07:38:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1102273 | ||
Bug Blocks: |
Description
Brenton Leanhardt
2014-05-28 17:36:44 UTC
Verified on 2.1.z/2014-06-10.3 Steps to verify: 1.Create 3 domains each with one app(such as app1, app2, app3 seperately in dom1,dom2,dom3) 2.Add view token to two domains (such as dom2,dom3) # rhc authorization-add --scope "domain/5397fa07db26c85e6f0000a0/view domain/5397fa7cdb26c85e6f0000a1/view" --note viewtest --expire-in 3600 3.Retrieve all domains using the generated token # curl -k -s -H 'Authorization:Bearer d3f912e6be79422bda953c149719cef3eb1c3228650dfc9e1286eded1a5ebab7' https://10.3.15.45/broker/rest/domains |json_reformat 4.Retrieve all apps using the generated token # curl -k -s -H 'Authorization:Bearer d3f912e6be79422bda953c149719cef3eb1c3228650dfc9e1286eded1a5ebab7' https://10.3.15.45/broker/rest/applications |json_reformat Actual results: 3.Found 2 domains 4.Found 2 apps commit fbaeb790ca288e5585da1a16350acdf7fd4b6952 Commit: Luke Meyer <lmeyer> CommitDate: Thu May 29 12:03:03 2014 -0400 broker: Make domain scopes additive #cherrypick origin-server: https://bugzilla.redhat.com/show_bug.cgi?id=1102273 commit 748f6211b5e178fa1fe7717bc739a6edfc287886 Author: Jordan Liggitt <jliggitt> Date: Wed May 28 11:38:50 2014 -0400 Bug 1102273: Make domain scopes additive and... commit 055e592b6d219c3f8779d61e234eac3d216909ab Commit: Luke Meyer <lmeyer> CommitDate: Thu May 29 12:06:13 2014 -0400 broker: Ensure at least one scope's conditions are met #cherrypick origin-server: https://bugzilla.redhat.com/show_bug.cgi?id=1102273 commit 57035eab8aa3aedb57a85a12de0d561a55651713 Author: Jordan Liggitt <jliggitt> Date: Wed May 28 12:41:11 2014 -0400 Ensure at least one scope's conditions are met, even when combined with complex queries Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0781.html |