yahoo-eng-team team mailing list archive

[Bug 1401721] [NEW] Update role using LDAP backend with same name fails

 

Public bug reported:


When the keystone server is configured to use the LDAP backend for assignments and a role is updated to have the same name, the operation fails, saying that you can't create a role because another role with the same name already exists.

The keystone server should just accept the request and ignore the change
rather than failing.

To recreate:

0. Start with a devstack install using LDAP for assignment backend

1. Get a token

$ curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "adminpwd"
        }
      }
    },
    "scope": {
      "project": {
        "name": "demo",
        "domain": { "id": "default" }
      }
    }
  }
}' \
  http://localhost:35357/v3/auth/tokens ; echo

$ TOKEN=...

2. List roles

$ curl \
    -H "X-Auth-Token: $TOKEN" \
    http://localhost:35357/v3/roles | python -m json.tool

$ ROLE_ID=36a9eede308d41e8a92effce2e46cc4a

3. Update a role with the same name.

$ curl -X PATCH \
    -H "X-Auth-Token: $TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"role": {"name": "anotherrole"}}' \
    http://localhost:35357/v3/roles/$ROLE_ID

{"error": {"message": "Cannot duplicate name {'id':
u'36a9eede308d41e8a92effce2e46cc4a', 'name': u'anotherrole'}", "code":
409, "title": "Conflict"}}

The operation should have worked.

** Affects: keystone
     Importance: Undecided
     Assignee: Brant Knudson (blk-u)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Brant Knudson (blk-u)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1401721

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1401721/+subscriptions
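
The behaviour described in this report, as an added example that is not part of the original bug report and is not keystone code. It is a constructed in-memory model (RoleStore, Conflict and both update methods are hypothetical names) and assumes the 409 comes from a name-uniqueness check that does not exclude the role being updated; it shows that check beside one that accepts a same-name update and still rejects a real clash.

```python
class Conflict(Exception):
    """Stands in for the HTTP 409 response shown in the report."""


class RoleStore:
    """Hypothetical role backend that enforces unique role names."""

    def __init__(self):
        self._roles = {}  # role_id -> name

    def create_role(self, role_id, name):
        self._check_name_free(name)
        self._roles[role_id] = name

    def _check_name_free(self, name, ignore_id=None):
        # A name is taken only if a role other than ignore_id holds it.
        for rid, existing in self._roles.items():
            if existing == name and rid != ignore_id:
                raise Conflict("Cannot duplicate name %r" % name)

    def update_role_naive(self, role_id, name):
        # Reported behaviour: the role finds its own name and is rejected.
        self._check_name_free(name)
        self._roles[role_id] = name

    def update_role(self, role_id, name):
        # Expected behaviour: skip the role being updated, so an unchanged
        # name is accepted while a clash with another role still fails.
        self._check_name_free(name, ignore_id=role_id)
        self._roles[role_id] = name


def demo():
    """Run the three cases on constructed sample roles; return outcomes."""
    store = RoleStore()
    store.create_role("role-a", "anotherrole")
    store.create_role("role-b", "admin")
    cases = [
        ("naive, same name", store.update_role_naive, "anotherrole"),
        ("fixed, same name", store.update_role, "anotherrole"),
        ("fixed, name of role-b", store.update_role, "admin"),
    ]
    outcomes = {}
    for label, update, name in cases:
        try:
            update("role-a", name)
            outcomes[label] = "ok"
        except Conflict:
            outcomes[label] = "409 Conflict"
    return outcomes
```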

