Swift Auth backward compatibility broken

Bug #999998 reported by Liem Nguyen
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: Medium
Assigned to: Lin Hua Cheng

Bug Description

In KSL (2012.1), Swift auth middleware uses a new format for expressing a container ACL for a user: <tenantName>:<userName>. In essex-3 and before, it was in the format of <tenantId>:<userName>.

This breaks backward-compatibility for those Swift containers that already have the old format for the ACL pre-KSL. To maintain backward compatibility, we should at least support the old format as well. It also appears that we are using tenantId to identify the tenant everywhere else (Nova project, Swift account), so why not in Swift ACL as well for consistency?

Thanks,
Liem

Liem Nguyen (liemmn)
description: updated
Liem Nguyen (liemmn)
description: updated
Changed in keystone:
assignee: nobody → Lin Hua Cheng (lin-hua-cheng)
Joseph Heck (heckj)
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/7655

Changed in keystone:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/7656

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/7656
Committed: http://github.com/openstack/keystone/commit/30654a65eac7166b0bd0567ef1d3cabb43031fd3
Submitter: Jenkins
Branch: master

commit 30654a65eac7166b0bd0567ef1d3cabb43031fd3
Author: Lin Hua Cheng <email address hidden>
Date: Mon May 21 22:46:38 2012 -0700

    Add ACL check using <tenant_id>:<user> format.

    Fixes bug 999998.

    Swift auth middleware uses a new format for expressing
    a container ACL for a user: <tenant_name>:<user>. This
    fix adds support for checking ACL using the old format
    of <tenant_id>:<user>.

    Change-Id: I44985b191afb174605c35041741056ae1e78fa77

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → folsom-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: folsom-2 → 2012.2
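
Added example, not keystone's code and not the committed fix: a minimal sketch of an ACL check that accepts both the <tenant_name>:<user> and the legacy <tenant_id>:<user> forms described in this bug, and reports which form matched so that old-format entries can be audited. The function names, the comma-separated ACL string, the skipping of dot-prefixed entries and the sample values are assumptions made for illustration.

```python
from typing import List, Optional, Set


def parse_acl(acl: str) -> List[str]:
    """Split a comma-separated ACL string into trimmed, non-empty entries."""
    return [e.strip() for e in (acl or "").split(",") if e.strip()]


def match_user_acl(acl: str, tenant_id: str, tenant_name: str,
                   user_name: str) -> Optional[str]:
    """Return which ACL form grants access: 'tenant_name', 'tenant_id' or None.

    Exact string comparison only: no prefix or substring matching, so
    'acme:alice' never authorizes 'acme:alice2'.
    """
    # Assumption: entries starting with '.' are not user grants and are skipped.
    entries = {e for e in parse_acl(acl) if not e.startswith(".")}
    if f"{tenant_name}:{user_name}" in entries:
        return "tenant_name"
    if f"{tenant_id}:{user_name}" in entries:
        return "tenant_id"  # legacy format, still honoured
    return None


def legacy_entries(acl: str, known_tenant_ids: Set[str]) -> List[str]:
    """List entries written as <tenant_id>:<user>, for audit or migration."""
    found = []
    for entry in parse_acl(acl):
        tenant, sep, user = entry.partition(":")
        if sep and user and tenant in known_tenant_ids:
            found.append(entry)
    return found


# Constructed sample: one new-format grant, one legacy grant, one other entry.
SAMPLE_ACL = "acme:alice, 4f3a9c:bob, .r:*"

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, match_user_acl(SAMPLE_ACL, "4f3a9c", "acme", user))
    print("legacy:", legacy_entries(SAMPLE_ACL, {"4f3a9c"}))
```

Logging the returned form on each successful check shows which containers still depend on the old format.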