← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1450344] Re: Invalid SQL Identity Assertion - Load Config from Database

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1450344

Title:
  Invalid SQL Identity  Assertion - Load Config from Database

Status in Keystone:
  Fix Released

Bug description:
  I have a default domain pointing to LDAP and ServiceDomain pointing to
  SQL identity backend. This kind of configuration is supported with
  enabling domain specific drivers. While upgrading to Kilo to leverage
  domain config from database capability, the same configuration is not
  supported.

  $ openstack user list --domain 5681226a68de4f7ea8a2bd247d0fc54e
  ERROR: openstack Invalid domain specific configuration: Domain specific sql drivers are not supported via the Identity API. One is specified in /domains/5681226a68de4f7ea8a2bd247d0fc54e/config (Disable debug mode to suppress these details.) (HTTP 403) (Request-ID: req-7bc89750-60de-45f2-8c80-05777a8469da)

  Notice the same domain ID in request and error message.

  In identity/core.py:

  def _load_config_from_database(self, domain_id, specific_config):

          def _assert_not_sql_driver(domain_id, new_config):
              """Ensure this is not an sql driver.

              Due to multi-threading safety concerns, we do not currently support
              the setting of a specific identity driver to sql via the Identity
              API.

              """
              if new_config['driver'].is_sql:
                  reason = _('Domain specific sql drivers are not supported via '
                             'the Identity API. One is specified in '
                             '/domains/%s/config') % domain_id
                  raise exception.InvalidDomainConfig(reason=reason)

  _assert_not_sql_driver causes such restriction, any domain with sql
  identity backend is prohibited which should be restricted to at least
  one.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1450344/+subscriptions


References