← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #27399

[Bug 1401721] Re: Update role using LDAP backend with same name fails

  Thread PreviousDate PreviousThread Next 
** Also affects: keystone/juno
   Importance: Undecided
       Status: New

** Changed in: keystone/juno
       Status: New => Fix Committed

** Changed in: keystone/juno
    Milestone: None => 2014.2.2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1401721

Title:
  Update role using LDAP backend with same name fails

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone juno series:
  Fix Committed

Bug description:
  
  When the keystone server is configured to use the LDAP backend for assignments and a role is updated to have the same name the operation fails saying that you can't create a role because another role with the same name already exists.

  The keystone server should just accept the request and ignore the
  change rather than failing.

  To recreate:

  0. Start with a devstack install using LDAP for assignment backend

  1. Get a token

  $ curl -i \
    -H "Content-Type: application/json" \
    -d '
  { "auth": {
      "identity": {
        "methods": ["password"],
        "password": {
          "user": {
            "name": "admin",
            "domain": { "id": "default" },
            "password": "adminpwd"
          }
        }
      },
      "scope": {
        "project": {
          "name": "demo",
          "domain": { "id": "default" }
        }
      }
    }
  }' \
    http://localhost:35357/v3/auth/tokens ; echo

  $ TOKEN=...

  2. List roles

  $ curl \
      -H "X-Auth-Token: $TOKEN" \
      http://localhost:35357/v3/roles | python -m json.tool

  $ ROLE_ID=36a9eede308d41e8a92effce2e46cc4a

  3. Update a role with the same name.

  $ curl -X PATCH \
      -H "X-Auth-Token: $TOKEN" \
      -H "Content-Type: application/json" \
      -d '{"role": {"name": "anotherrole"}}' \
      http://localhost:35357/v3/roles/$ROLE_ID

  {"error": {"message": "Cannot duplicate name {'id':
  u'36a9eede308d41e8a92effce2e46cc4a', 'name': u'anotherrole'}", "code":
  409, "title": "Conflict"}}

  The operation should have worked.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1401721/+subscriptions

References

  Thread PreviousDate PreviousThread Next