← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #07843

[Bug 1265108] [NEW] Changing default_domain_id doesn't work

  Thread PreviousDate PreviousThread Next 
Public bug reported:


If you change the default_domain_id in keystone.conf, it doesn't take effect everywhere. The problem is that the value is read when modules are imported, but that happens before the call to oslo.conf.cfg.CONF().

Here's an example:

keystone.assignment.core reads CONF.identity.default_domain_id during
import to build DEFAULT_DOMAIN:

http://git.openstack.org/cgit/openstack/keystone/tree/keystone/assignment/core.py?id=d38942de2f1a32d10a9dbd1d95ddda742ddbdea1#n41

Then later we get into main in keystone-all we finallly call CONF():

http://git.openstack.org/cgit/openstack/keystone/tree/bin/keystone-
all?id=d38942de2f1a32d10a9dbd1d95ddda742ddbdea1#n107

so what's going to happen is that DEFAULT_DOMAIN will get a domain_id of
the default domain ID and later CONF.identity.default_domain_id will get
set to whatever the user had set it to.

You can see it in the debugger by setting a breakpoint after CONF() and
checking the value of the config option and the DEFAULT_DOMAIN.

I'm not sure what all effects this would have.

The fix is to change the keystone server code so that it doesn't read
the config value until after CONF(), which means not at import time.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1265108

Title:
  Changing default_domain_id doesn't work

Status in OpenStack Identity (Keystone):
  New

Bug description:
  
  If you change the default_domain_id in keystone.conf, it doesn't take effect everywhere. The problem is that the value is read when modules are imported, but that happens before the call to oslo.conf.cfg.CONF().

  Here's an example:

  keystone.assignment.core reads CONF.identity.default_domain_id during
  import to build DEFAULT_DOMAIN:

  http://git.openstack.org/cgit/openstack/keystone/tree/keystone/assignment/core.py?id=d38942de2f1a32d10a9dbd1d95ddda742ddbdea1#n41

  Then later we get into main in keystone-all we finallly call CONF():

  http://git.openstack.org/cgit/openstack/keystone/tree/bin/keystone-
  all?id=d38942de2f1a32d10a9dbd1d95ddda742ddbdea1#n107

  so what's going to happen is that DEFAULT_DOMAIN will get a domain_id
  of the default domain ID and later CONF.identity.default_domain_id
  will get set to whatever the user had set it to.

  You can see it in the debugger by setting a breakpoint after CONF()
  and checking the value of the config option and the DEFAULT_DOMAIN.

  I'm not sure what all effects this would have.

  The fix is to change the keystone server code so that it doesn't read
  the config value until after CONF(), which means not at import time.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1265108/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next