summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Prepare for using standard python testsmitaka-eolstable/mitakaAndreas Jaeger2017-02-022-0/+63
| | | | | | | | | | | | | | | | | | Add simple script to setup mysql and postgresql databases, this script can be run by users during testing and will be run by CI systems for specific setup before running unit tests. This allows to change in project-config the python-db jobs to python-jobs since python-jobs will call this script initially. Update README for this. See also http://lists.openstack.org/pipermail/openstack-dev/2016-November/107784.html Needed-By: Ic42f8d5392ab1d9b52c6c84c92dee0092bd2779a Change-Id: I253726467151622e8aa3ff40bacc0b3f9903b342 (cherry picked from commit 61933fef10a092b951aae440800531fd8b44c558)
* Catch potential SyntaxError in federation mapping9.3.0Eric Brown2017-01-263-1/+57
| | | | | | | | | | | | When using the 'groups' keyword in a federation mapping, the value passed in the assertion map be a simple string with a space. For example, "ALL USERS". This results in ast.literal_eval() raising a SyntaxError and not ValueError, which bubbles up to the API as an uncaught 500 Internal Server Error. Change-Id: I61f93a6c54b62ba8719d2603f93dc18c33b581ce Closes-Bug: #1629446 (cherry picked from commit 9e1e2c2156f365078085db54dfbbfff50e2c2b84)
* Enhance federation group mapping validationGyorgy Szombathelyi2017-01-203-30/+124
| | | | | | | | | | A group must be reffered either with an ID, or the name _and_ the domain. Change the JSON validation schema to check this. Closes-Bug: #1657978 Change-Id: I213876e30fc0521195848479278080bdac8387de (cherry picked from commit a9d79e098732445efcd58a6b03148fe6c62e044a)
* Add mapping validation testsGyorgy Szombathelyi2017-01-212-2/+64
| | | | | | | Increase the coverage of the mapping JSON schema tests. Change-Id: I8a28d4b7059010fe99a596a1167da8742d586873 (cherry picked from commit 09d13cf1373990433068e5b348aa8e2967c183c9)
* Make bootstrap idempotent when it needs to beLance Bragstad2016-12-142-34/+78
| | | | | | | | | | | | | | | | | | | | This commit makes `keystone-manage bootstrap` completely idempotent when configuration values or environment variables haven't changed between runs. If they have changed, then `bootstrap` shouldn't be as idempotent becuase it's changing the state of the deployment. This commit addresses these issues and adds tests to ensure the proper behavior is tested. Conflicts: keystone/tests/unit/test_cli.py As of Newton and newers releases, a context is no longer passed into the controller, but a request object. Change-Id: I053b27e881f5bb67db1ace01e6d06aead10b1e47 Closes-Bug: 1647800 (cherry picked from commit 90f2f96e69b8bfd5058628b50c9f0083e3f293e9)
* Expose idempotency issue with bootstrapLance Bragstad2016-12-141-0/+43
| | | | | | | | | | | | | | | | | | | | | | During some upgrade testing I was doing locally, I noticed an issue where `keystone-manage bootstrap` isn't completely idempotent. This is because `bootstrap` has the ability to recover lost admin accounts by reseting the admin user's enabled status and updating their password, regardless of it being different. This creates a revocation event and causes admin tokens to be invalid after bootstrap is run for a second time, making it not as idempotent as we'd like. This commit introduces a test that exposes this behavior. Conflicts: keystone/tests/unit/test_cli.py In Newton and newer releases the context is no longer passed in to the controller, but rather a request object. Change-Id: I627255b2b5d6ec401af2c07c4018930fea206e4a Partial-Bug: 1647800 (cherry picked from commit 2dae412940105c64c4ea1ed77e6a45793faa0efa)
* Update constraints in tox.iniSteve Martinelli2016-12-131-12/+0
| | | | | | | | | | | | | | | | | | | | | This is a merge of two commits, the gate is wedged. 1. Constraints are ready to be used for tox.ini Per email[1] from Andreas, we don't need to hack at install_command any longer. [1] http://openstack.markmail.org/thread/a4l7tokbotwqvuoh 2. Use constraints for coverage job OpenStack CI supports now constraints in the coverage job - as a first job to check that the recent changes for zuul-cloner work correctly. Change-Id: I3812776ab228bf28df9934273df7fe8ee0880660 (cherry picked from commit a6c77639a1ecd5421eaf37b8775e2e44c0d80d38) Change-Id: Ic224c1e20693410c485e45cab5bdaa5d96192f09 (cherry picked from commit 85ae2454c9eea8fa134df74527cbd1f2e910fe05)
* Merge "Consistently round down timestamps" into stable/mitakaJenkins2016-10-067-6/+79
|\
| * Consistently round down timestampsLance Bragstad2016-09-227-6/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is one of the ways we can prevent race conditions with backends that round datetime objects or strings before persisting them. Closes-Bug: 1622010 (cherry picked from commit 301b6a7bc770830485937f0b9927a26e2e5ec8c8) Conflicts: keystone/tests/unit/test_v3_auth.py: freezegun was added only in Newton keystone/tests/unit/test_v3_os_revoke.py: minor conflict In addition to cherry-pick, time.sleep() was added to several tests. The tests assume that some time must pass between some operations. In Newton and later this was done in other, unrelated commits and freezegun was used. Freezegun cannot be used in Mitaka. Because of that, time.sleep() was added at the same places where freezegun's tick() is used in Newton. Change-Id: I7c6d525dfb4ec13edb360a77b27422310d545305
* | Verify domain_id when get_domain is being calledMartin Schuppert2016-09-302-0/+13
|/ | | | | | | | | | | | | | | | When create user using API it is possible to use a domain_id which does match the created domain_id since mysql per default is not case sensitive and returns the domain_id to be valid. In e.g. liberty this breaks cli keystone v2 user list actions when a user with a DEFaULt domain has been created. With this change the domain_id is being validated with what provided with the API call in get_domain. cherry-picked from 7df92f7b624500e24b71c4b2d516604e0edb52f2 Change-Id: I028b2add3067e6fb9aa3f33eb8fe10d8ebace006 Closes-Bug: #1594284
* Distributed cache namespace to invalidate regions9.2.0David Stanek2016-09-146-75/+347
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dogpile.cache's region invalidation is not designed to work across processes. This patch enables distributed invalidation of keys in a region. Instead of using a static cache key, we use the original cache key and append a dynamic value to it. This value is looked up in memcached using the region name as a key. So anytime the value of the region key changes the cache keys in that region are effectively invalidated. Conflicts: keystone/assignment/core.py: imports were fixed keystone/catalog/core.py: imports were fixed keystone/common/cache/core.py: dogpile.cache doesn't have invalidation strategies in 0.5.8. Because of that, call to region.invalidate was redefined. keystone/identity/core.py: there is no per-region cache in id_mapping_api in Mitaka keystone/revoke/core.py: there is no per-region cache in revocations in Mitaka keystone/server/backends.py: removed configuration of regions which were added only in Newton keystone/tests/unit/test_v3_assignment.py: conflict due to freezegun being used in Newton and not used in Mitaka keystone/token/provider.py: there is no per-region cache in token providers in Mitaka Closes-Bug: #1590779 Change-Id: Ib80d41d43ef815b37282d72ad68e7aa8e1ff354e (cherry picked from commit 42eda48c78f1153081b4c193dc13c88561409fd3)
* Add dummy domain_id column to cached roleColleen Murphy2016-08-181-0/+26
| | | | | | | | | | | | | | | | | | | When token caching is turned on, upgrading from stable/liberty to stable/mitaka or master causes tokens to fail to be issued for the time-to-live of the cache. This is because as part of the token issuance the token's role is looked up, and the cached version of the role immediately after upgrade does not have a domain_id field, even though that column was successfully added to the role database. This patch hacks around that by artificially adding a null domain_id value to the role reference. This must be done in the manager, as opposed to the driver, because it is the manager that is caching the value and so modifying the value returned by the driver has no effect. Change-Id: I55c791486f2a26ae995f693370b016895176a16f Closes-bug: #1592169 (cherry picked from commit bc99dc76775d22eca01b818f37de35a76ece9d72)
* Merge "Fix the username value in federated tokens" into stable/mitakaJenkins2016-08-174-6/+29
|\
| * Fix the username value in federated tokensRoxana Gherle2016-07-184-6/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, in both unscoped and scoped federated tokens, the username value in the token is equal to the userid and not to the value of the username in the external identity provider. This makes WebSSO login to show the userid of the logged-in user in the Horizon dashboard, whereas before it was showing the actual user name. This patch fixes the value of the username in the federated tokens, which will fix the WebSSO issue as well, since Horizon looks at the username value and displays that as the logged-in user. Closes-Bug: #1597101 Closes-Bug: #1482701 Change-Id: I33a0274641c4e6bc4e127f5206ba9bc7dbd8e5a8 (cherry picked from commit 2042c955c81929deb47bc8cc77082b085faaa47d)
* | Change LocalUser sql model to eager loadingRonald De Rose2016-07-271-1/+3
|/ | | | | | | | | | | This patch changes the LocalUser sql model to eager loading. Subquery loading is eager loading as the parents are loaded, using one additional SQL statement, which issues a JOIN to a subquery of the original statement, for each collection requested. Closes-Bug: 1606426 Change-Id: I48965676ad6a796115caef5e90974cb617243223 (cherry-picked from: 4b9384dea36755c0dc0256f7392bf8c1e13f6632)
* Merge "Bootstrap: enable and reset password for existing users" into ↵Jenkins2016-07-112-0/+40
|\ | | | | | | stable/mitaka
| * Bootstrap: enable and reset password for existing usersDolph Mathews2016-06-032-0/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the common use cases for the admin_token middleware was to provide a recovery mechanism for cloud operators that had accidentally disabled themselves or lost their password. Instead of using bootstrap to create a second admin just to recover the first, this change allows bootstrap to reset the user's credentials and ensure that the account is enabled. Change-Id: I82cafced67852335e9bb49035f13c993c7ccd2df Closes-Bug: 1588860 (cherry picked from commit d6b016dd91c743a2f454a3b4f9d055510c2215ae)
* | Merge "/services?name=<name> API fails when using list_limit" into stable/mitakaJenkins2016-07-114-4/+23
|\ \
| * | /services?name=<name> API fails when using list_limitRoxana Gherle2016-06-224-4/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using list_limit configuration option in Default section of keystone.conf, the /services?name=<service_name> API fails to find the service if list_limit value is smaller than the total number of services and the searched service is not among the first 'list_limit' services. The API should first filter by name and only afterwards truncate the result list. Also, this patch fixes setting the 'truncated' attribute of the driver's hint.limit object when truncating the list outside of driver_hints.truncated decorator, problem exposed by fixing the problem described in the first paragraph. Closes-Bug: #1594482 (cherry picked from commit 6a9a9f002f44c15d40cf890eefd03a4ab6172b0b) Conflicts: keystone/tests/unit/test_v3_catalog.py Change-Id: I832f542c3cb0faf94a1e5bce5a894f7f4d26a8de
* | | Handle catalog backends that don't support all functions.Sam Morrison2016-07-063-24/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using the templated backend for catalogs deleting a project will currently work but it will return an error to the user that is raised in the delete notification code handling. Change-Id: Ie2ecb226389a7ee74dc64b28b0e08817e6375801 Closes-Bug: #1579604 (cherry picked from commit 8232f4f23c1c33a6e45073386f40e79139d9b980)
* | | Correct domain_id and name constraint dropping9.1.0Liam Young2016-06-223-2/+230
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 'domain_id' and 'name' unique constraint was not properly dropped in some cases because the unique constraint was not consistently named. In all cases we must search for the constraint expected, not assume the name of the constraint will be consistent (especially from older installs that have been moved forward in releases). This fix is modeled on the fix for a similair issue authored by Morgan Fainberg & Matthew Thode for Bug #1562934 Migration 091: Fix to broken migration to prevent failed migrations when database is upgraded from Kilo (or below) to Mitaka Migration 097: Ensure that when Mitaka point release is applied the constraint and tables have been dropped if migration 91 was previously worked around. Migration 91 drops 3 columns from the user table after the code to disable the constraint. I have included code in migrations 97 to also drop those columns if they are still present in case they were missed when working around Bug #1572341. This may be over kill. The following file conflicted since Opportunistic DB testing was included in the Newton release. keystone/tests/unit/test_sql_upgrade.py Note that migration 104 was removed since it does not exist in the Mitaka release. The unit tests were also modified accordingly. Change-Id: I076d7139b388e30be8826d0a4550256b5617d992 Closes-bug: #1572341
* | Merge "Updated from global requirements" into stable/mitakaJenkins2016-06-111-1/+1
|\ \
| * | Updated from global requirementsOpenStack Proposal Bot2016-06-101-1/+1
| | | | | | | | | | | | Change-Id: I7d9e0f182a32afab61deaeb359454c556f03a90e
* | | Merge "Honor ldap_filter on filtered group list" into stable/mitakaJenkins2016-06-112-3/+34
|\ \ \ | |/ / |/| |
| * | Honor ldap_filter on filtered group listMatthew Edmonds2016-06-092-3/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix GET /v3/groups?name=<name> to honor conf.ldap.group_filter. The case where groups are listed for a specific user was already honoring the filter, but the case where all groups are listed was not. Moved the check into the get_all_filtered method that is shared by both cases so that it is not duplicated. Change-Id: I4a11394de2e6414ba936e01bcf2fcc523bab8ba5 Closes-Bug: #1588927 (cherry picked from commit 1c0e59dc9c0cd8bb4fd54f26d01986a53bcd148c)
* | | Merge "Return 404 instead of 401 for tokens w/o roles" into stable/mitakaJenkins2016-06-092-12/+34
|\ \ \ | |/ / |/| |
| * | Return 404 instead of 401 for tokens w/o rolesRoxana Gherle2016-06-082-12/+34
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a scoped-token was validated and the user didn't have any role assignment on a project, keystone would return a 401 Unauthorized. This was the case when the fernet token provider was enabled because the reference is rebuilt on every request. The uuid token provider has a different behavior - if the token isn't found in the backend a 404 Not Found is returned. Furthermore, for persisted tokens, any validation error will result in 404, such as in the case where user no longer have any roles assigned for the given scope. These two behaviors should be consistent regardless of the token provider. This problem was not fixed entirely with https://review.openstack.org/#/c/277436/ because of token caching in devstack which masks the wrong error code for the period of time the token is cached. Therefore, in order to test this in devstack you need to take into account the caching time after un-assigning the role on a project and while using the same fernet token. Closes-Bug: #1541621 Change-Id: I9d36c5c73d5a832cd04dd4c1368b8d769e0acc4c (cherry picked from commit fde57f68e290575e874234fc751d2380637a07f5)
* | Revert to caching fernet tokens the same way we do UUIDHenry Nash2016-06-081-0/+8
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Liberty we used to cache the whole token at the provider manager validate token call. However, in Mitaka we changed this, for non-persistent tokens (e.g. fernet), to instead attempt to cache the individual components that make up the token. This change caused validating a fernet token to become 5 times slower than the same operation in Liberty (as well as UUID in both releases). This patches re-instates full-token caching for fernet. This should be considered somewhat of a bandaid to redress the performance degredation, while we work to restructure our token issuance and validation to simplify the multiple code paths. In terms of invalidation of such a cache, this change effectively reverts to the Liberty approach where anything logged to the revokation manager will still cause validaiton of the token to fail (this is checked for all token types). However, the alternate (and confusingly additonal) "direct" invalidation of the cache via the pesistance manager will, like in Liberty, not have any effect with cached fernet tokens. As far as I can tell, all situations where we currently want a token revoked will send this information to both the revoke and persistance managers, hence this change should not result in any tokens remaining valid when they shouldn't. Closes-Bug: #1590179 Change-Id: I80371746735edac075eec9986e89b54b66bc47cb (cherry picked from commit 9c89e07b11afa2e12c97d0af514ce5fcc04e2ac3)
* Honor ldap_filter on filtered user listMatthew Edmonds2016-05-262-1/+15
| | | | | | | | Fix GET /v3/users?name=<name> to honor conf.ldap.user_filter. Change-Id: I65cacc04c218a7c87855a305c7e0088ac5860cc8 (cherry picked from commit 322a744ba852a5a4e59c713a52168fa8db2552ca) Closes-Bug: #1577804
* Fix post jobs9.0.2Andreas Jaeger2016-05-241-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | The tox venv environment is run during post jobs and thus cannot use constraints. See: http://logs.openstack.org/db/db7bdf9aa0cb0ba5fbae5ae07ecdb9f024213deb/post/keystone-docs/92d1e87/ http://logs.openstack.org/db/db7bdf9aa0cb0ba5fbae5ae07ecdb9f024213deb/post/keystone-branch-tarball/eb685ad/ We run for docs jobs: "tox -e venv python setup.py build_sphinx" thus, the docs environment is not used. For branch tarball, the infra scripts use: "tox -e venv python setup.py sdist" And infra does not setup constraints for post jobs currently as this is not working with current tools Fix tox.ini for this Change-Id: I048368981e4be739c66073fdd9bc8a9663498a80 (cherry picked from commit 2535f22e6123bd8b7ae1304b31f6748e631d8e61)
* Updated from global requirements9.0.1OpenStack Proposal Bot2016-05-161-1/+1
| | | | Change-Id: I83803044e751f26243c99347b2c0bdb148095915
* Remove test_invalid_policy_raises_errorBrant Knudson2016-05-101-9/+0
| | | | | | | | | | | | | | | | | | | | This test is validating internal behavior of the oslo.policy library. Since oslo.policy already has tests for this function, we don't have to test it in keystone. As of commit 83d209e in oslo.policy the test fails because oslo.policy has been enhanced to support YAML and the test is using valid YAML. An alternative is to change the test to have a file that's invalid YAML (remove the ']'), but then it might break again. An alternative is to change the test to mock out the behavior, but then the test would just be showing that if we mock out rules.enforce to raise ValueError it does that. Change-Id: I4ead61566000aedf62c9c48b0702ea30472c9925 (cherry picked from commit 8eb7960e0f31c2624230b88d17933b3f48a17eaa)
* Allow 'domain' property for local.groupGyorgy Szombathelyi2016-05-052-1/+13
| | | | | | | | | The JSON schema missed the domain property for the local group description, but it is requested by the code explicitly. Change-Id: If74aaf07b77399f1648843280153c7523de5eb38 Closes-Bug: 1575057 (cherry picked from commit 7567c5edf214bfbbee6d6acf7c130cd857324fc0)
* Add conflict validation for idp updateRodrigo Duarte2016-05-053-26/+86
| | | | | | | | | | | | Remote IDs conflicts can happen during an identity provider update (similar to what happens during create). This patch adds the same conflict handling, so a 500 is not returned by keystone. Change-Id: I1f093dad0b9427027edf4dc1a9f563e99aedad0c Closes-Bug: 1558670 (cherry picked from commit bfcbb3cd7679dd13d5ededd2f3b765d40e0bca7d)
* Merge "Fix fernet audit ids for v2.0" into stable/mitakaJenkins2016-05-043-8/+26
|\
| * Fix fernet audit ids for v2.0Lance Bragstad2016-05-043-8/+26
| | | | | | | | | | | | | | | | | | | | | | The fernet token provider was doing some weird things with audit ids that caused token rescoping to not work because audit ids were never pulled from the original token. This commit also enables some tests for v2.0 authentication with the Fernet as the token provider. Closes-Bug: 1577558 Change-Id: Iffbaf505ef50a6c6d97c5340645acb2f6fda7e0e (cherry picked from commit 0d376025bae61bf5ee19d992c7f336b99ac69240)
* | Merge "Make all fixture project_ids into uuids" into stable/mitakaJenkins2016-05-044-18/+26
|\ \ | |/
| * Make all fixture project_ids into uuidsAdam Young2016-05-044-18/+26
| | | | | | | | | | | | | | | | | | | | The Fernet tests for Python 3.4 fail if they are given project_ids that are not uuids. Since all issued project IDs in a live deployment are UUIDs, it is more correct to fix the tests than to change the formatter. Change-Id: I485c02cbb6484e52b4bb4563e2842c45a34e66eb (cherry picked from commit 36da34f02ff921584524108a34c11568bc406c10)
* | Merge "Imported Translations from Zanata" into stable/mitakaJenkins2016-05-0437-742/+735
|\ \
| * | Imported Translations from ZanataOpenStack Proposal Bot2016-05-0437-742/+735
| |/ | | | | | | | | | | | | For more information about this automatic import see: https://wiki.openstack.org/wiki/Translations/Infrastructure Change-Id: If9ecf2e20ac94540494485befe4adbde00c7c447
* | Merge "Updated from global requirements" into stable/mitakaJenkins2016-05-042-4/+4
|\ \ | |/ |/|
| * Updated from global requirementsOpenStack Proposal Bot2016-04-292-4/+4
| | | | | | | | Change-Id: Ibe9f30a66fdbdce1087388085da228f01d1d12f6
* | Keystone jobs should honor upper-constraints.txtDavanum Srinivas2016-05-031-1/+11
|/ | | | | | | | | Some targets don't respect upper-constraints like cover and releasenotes, so make sure don't use the same install_command for those jobs. Change-Id: I8636e7c86c6c5c608429fab88e181108ae615db9 (cherry picked from commit db7bdf9aa0cb0ba5fbae5ae07ecdb9f024213deb)
* Merge "Fix KeyError when rename to a name is already in use" into stable/mitakaJenkins2016-04-172-0/+23
|\
| * Fix KeyError when rename to a name is already in useliyingjun2016-04-142-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | When a user attempts to rename a project via the PATCH v3/projects/{project_id} API, and the new name is already in-use, rather than return a nice error explaining that the name is in use, keystone blows up and raises `KeyError: 'is_domain'` in _generate_project_name_conflict_msg. Change-Id: I56fcd8fe1258e2d1de3e541144649ef619f86a7b Closes-bug: #1565108 (cherry picked from commit c1be6883f250e6bc0ad1b43eb516186f74a477f1)
* | Merge "Set the values for the request_local_cache" into stable/mitakaJenkins2016-04-161-0/+2
|\ \
| * | Set the values for the request_local_cacheMorgan Fainberg2016-04-121-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of only using the request_local_cache when an explicit set occurs, make sure we always set the value for the request_local_cache when we have to reach for the proxied backend. The Context Local cache was being used previously when we were seeing a mix of cache misses and hits. This change ensures we now always set the value(s) as expected: Change-Id: I4857cfe1e62d54c3c89a0206ffc895c4cf681ce5 Closes-Bug: #1567403 (cherry picked from commit 9b9bc7767fad36da1c764add842f85efdc48807b)
* | | Imported Translations from ZanataOpenStack Proposal Bot2016-04-1637-144/+144
| | | | | | | | | | | | | | | | | | | | | For more information about this automatic import see: https://wiki.openstack.org/wiki/Translations/Infrastructure Change-Id: I7496e2f22aa63cb16c6ab0357ba31ff91b648c7c
* | | Fix totp test fails randomlyBrant Knudson2016-04-152-2/+8
| |/ |/| | | | | | | | | | | | | | | The test_with_multiple_users test would fail if the time happened to roll over to the next chunk for the totp generator. The fix is to control the clock in the test to this can't happen. Change-Id: I2b92a0cc08ba8e36edc87cb76960a46746895458 (cherry picked from commit 3eaea2fdf417a03aeb539cd35ab28f01de5886af)
* | Fixes bug where the updated federated display_name is not returnedRonald De Rose2016-04-122-6/+4
|/ | | | | | | | | | | | When shadowing a federated user, if the display name is changed, it should get updated and returned in the user name attribute. This patch fixes a bug where the display_name was getting updated, but not the old display_name was being returned. Closes-Bug: #1566494 Change-Id: I155d3a9e4c90a3d22d0b30e35276c9ddbb65ae6d (cherry picked from commit 562b81dd4a94d5a219b7cf1ff2f82288add10046)
View Lorry Controller Status