Bug 1539102 – X-Broker-API-Originating-Identity Does not have extras

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1539102 - X-Broker-API-Originating-Identity Does not have extras

Summary:	X-Broker-API-Originating-Identity Does not have extras

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Service Broker (Show other bugs)
Sub Component:
Version:	3.9.0
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	---
Target Release:	3.9.0
Assigned To:	Paul Morie
QA Contact:	Zhang Cheng
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2018-01-26 11:20 EST by Shawn Hurley
Modified:	2018-07-18 22:33 EDT (History)
CC List:	4 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-03-28 10:23:11 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0489	None	None	None	2018-03-28 10:23 EDT

Groups: None (edit)

Description Shawn Hurley 2018-01-26 11:20:44 EST

Description of problem:
Service Catalog does not send over extra fields in extras instead it is top level of the json object.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Use a user with scopes
2.
3.

Actual results:
X-Broker-API-Originating-Identity Header: kubernetes eyJncm91cHMiOlsic3lzdGVtOmF1dGhlbnRpY2F0ZWQ6b2F1dGgiLCJzeXN0ZW06YXV0aGVudGljYXRlZCJdLCJzY29wZXMuYXV0aG9yaXphdGlvbi5vcGVuc2hpZnQuaW8iOlsidXNlcjpmdWxsIiwidXNlcjpsaXN0LXByb2plY3RzIiwidXNlcjppbmZvIiwicm9sZTphZG1pbjpuZXctcHJvamVjdDohIl0sInVpZCI6IiIsInVzZXJuYW1lIjoiZGV2ZWxvcGVyIn0=

{"groups":["system:authenticated:oauth","system:authenticated"],"scopes.authorization.openshift.io":["user:full","user:list-projects","user:info","role:admin:new-project:!"],"uid":"","username":"developer"}

Expected results:
eyJncm91cHMiOlsic3lzdGVtOmF1dGhlbnRpY2F0ZWQ6b2F1dGgiLCJzeXN0ZW06YXV0aGVudGljYXRlZCJdLEV4dHJhczp7InNjb3Blcy5hdXRob3JpemF0aW9uLm9wZW5zaGlmdC5pbyI6WyJ1c2VyOmZ1bGwiLCJ1c2VyOmxpc3QtcHJvamVjdHMiLCJ1c2VyOmluZm8iLCJyb2xlOmFkbWluOm5ldy1wcm9qZWN0OiEiXX0sInVpZCI6IiIsInVzZXJuYW1lIjoiZGV2ZWxvcGVyIn0K

{"groups":["system:authenticated:oauth","system:authenticated"],Extras:{"scopes.authorization.openshift.io":["user:full","user:list-projects","user:info","role:admin:new-project:!"]},"uid":"","username":"developer"}


Additional info:

Comment 1 Shawn Hurley 2018-01-30 10:50:12 EST

Fixed in PRs:

https://github.com/openshift/ansible-service-broker/pull/696 for version 1.0
https://github.com/openshift/ansible-service-broker/pull/694 for version 1.1
https://github.com/openshift/ansible-service-broker/pull/693 for canary and latest version.

Comment 2 Shawn Hurley 2018-01-30 10:51:41 EST

Wrong browser tab ^ for the above comment, my apologies.

Comment 3 Shawn Hurley 2018-01-30 10:52:09 EST

Wrong browser tab for the above comment, my apologies.

Comment 4 Shawn Hurley 2018-02-01 15:24:14 EST

Fixed with PR: https://github.com/kubernetes-incubator/service-catalog/pull/1702

Comment 6 Zhang Cheng 2018-02-04 06:35:31 EST

Changing status to "MODIFIED" since image not ready for test.
PR #1702 was merged in service-catalog v0.1.5, the latest downstream image is v0.1.3

Comment 7 Zhang Cheng 2018-02-11 01:25:28 EST

Changing status to "ON_QA" since downstream image ready for test.

Comment 9 Shawn Hurley 2018-02-12 10:28:52 EST

Yes, that is a completely acceptable scope. I had added more scopes to my token for other testing purposes and didn't clean it when I submitted the bug sorry about that.

Comment 10 Zhang Cheng 2018-02-12 20:32:06 EST

Changing status to "VERIFIED" base on comment 8 & comment 9

Comment 13 errata-xmlrpc 2018-03-28 10:23:11 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489

Comment 14 Zhang Cheng 2018-07-18 22:29:13 EDT

Remove "NeedTestCase" keyword since this issue is tracing by TC https://polarion.engineering.redhat.com/polarion/redirect/project/OSE/workitem?id=OCP-15733

Note You need to log in before you can comment on or make changes to this bug.