Description of problem: Service Catalog does not send over extra fields in extras instead it is top level of the json object. Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. Use a user with scopes 2. 3. Actual results: X-Broker-API-Originating-Identity Header: kubernetes eyJncm91cHMiOlsic3lzdGVtOmF1dGhlbnRpY2F0ZWQ6b2F1dGgiLCJzeXN0ZW06YXV0aGVudGljYXRlZCJdLCJzY29wZXMuYXV0aG9yaXphdGlvbi5vcGVuc2hpZnQuaW8iOlsidXNlcjpmdWxsIiwidXNlcjpsaXN0LXByb2plY3RzIiwidXNlcjppbmZvIiwicm9sZTphZG1pbjpuZXctcHJvamVjdDohIl0sInVpZCI6IiIsInVzZXJuYW1lIjoiZGV2ZWxvcGVyIn0= {"groups":["system:authenticated:oauth","system:authenticated"],"scopes.authorization.openshift.io":["user:full","user:list-projects","user:info","role:admin:new-project:!"],"uid":"","username":"developer"} Expected results: eyJncm91cHMiOlsic3lzdGVtOmF1dGhlbnRpY2F0ZWQ6b2F1dGgiLCJzeXN0ZW06YXV0aGVudGljYXRlZCJdLEV4dHJhczp7InNjb3Blcy5hdXRob3JpemF0aW9uLm9wZW5zaGlmdC5pbyI6WyJ1c2VyOmZ1bGwiLCJ1c2VyOmxpc3QtcHJvamVjdHMiLCJ1c2VyOmluZm8iLCJyb2xlOmFkbWluOm5ldy1wcm9qZWN0OiEiXX0sInVpZCI6IiIsInVzZXJuYW1lIjoiZGV2ZWxvcGVyIn0K {"groups":["system:authenticated:oauth","system:authenticated"],Extras:{"scopes.authorization.openshift.io":["user:full","user:list-projects","user:info","role:admin:new-project:!"]},"uid":"","username":"developer"} Additional info:
Fixed in PRs: https://github.com/openshift/ansible-service-broker/pull/696 for version 1.0 https://github.com/openshift/ansible-service-broker/pull/694 for version 1.1 https://github.com/openshift/ansible-service-broker/pull/693 for canary and latest version.
Wrong browser tab ^ for the above comment, my apologies.
Wrong browser tab for the above comment, my apologies.
Fixed with PR: https://github.com/kubernetes-incubator/service-catalog/pull/1702
Changing status to "MODIFIED" since image not ready for test. PR #1702 was merged in service-catalog v0.1.5, the latest downstream image is v0.1.3
Changing status to "ON_QA" since downstream image ready for test.
Yes, that is a completely acceptable scope. I had added more scopes to my token for other testing purposes and didn't clean it when I submitted the bug sorry about that.
Changing status to "VERIFIED" base on comment 8 & comment 9
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489
Remove "NeedTestCase" keyword since this issue is tracing by TC https://polarion.engineering.redhat.com/polarion/redirect/project/OSE/workitem?id=OCP-15733