
yahoo-eng-team team mailing list archive

[Bug 1534140] Re: keystone-manage bootstrap failed to create assignment if user/project/role exists

 

Reviewed:  https://review.openstack.org/268738
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cda3853c412a79e0146e248feb315686ca2c7970
Submitter: Jenkins
Branch:    master

commit cda3853c412a79e0146e248feb315686ca2c7970
Author: Dave Chen <wei.d.chen@xxxxxxxxx>
Date:   Sun Jan 17 15:45:30 2016 +0800

    Make sure the assignment creation use the right arguments
    
    `keystone-manage bootstrap` will fail to create the assignment if
    project or role exists, this is because the assignment creation
    is not using the right role id or project id.
    
    This patch will fix this issue.
    
    Change-Id: I7359cfe8f573ae56556654f1eafcc75079e69ccc
    Closes-Bug: #1534140
    bp: bootstrap


** Changed in: keystone
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1534140

Title:
  keystone-manage bootstrap failed to create assignment if
  user/project/role exists

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  If `keystone-manage bootstrap` fails because the role already exists
  (this may happen if someone used the OSC CLI to create a role but
  someone else wants to bootstrap a set of `user`, `project` or `role`
  without being aware that the role has already been created), the
  project or user can still be created successfully.

  And then, if the role is redefined, `keystone-manage bootstrap` will
  still fail since the `user` and `project` have been created, but
  `keystone-manage bootstrap` cannot handle this.

  See the example:
  dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name admin --bootstrap-password abc123
  25784 TRACE keystone     details=_('Duplicate Entry'))
  25784 TRACE keystone Conflict: Conflict occurred attempting to store role - Duplicate Entry
  25784 TRACE keystone

  change the role to `bootstrap_role` ...

  dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name bootstrap_role --bootstrap-password abc123
  25813 TRACE keystone     details=_('Duplicate Entry'))
  25813 TRACE keystone Conflict: Conflict occurred attempting to store project - Duplicate Entry
  25813 TRACE keystone

  So, if we want to bootstrap again, we need to delete the project and user manually; this is not friendly to the end user.
  `keystone-manage bootstrap` should not create any `user` or `project` if the command is not executed successfully.


  According to the comments from Morgan, the `user`, `project` or `role`
  should be created, but the real issue is that the assignment cannot be
  created if either of them exists; see comment #2 for the update.
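
An added illustration of the behaviour the fix aims for, not code from keystone or from the commit: each entity is created or, on a duplicate, looked up, and the assignment is built only from the ids resolved that way. `Store`, `Conflict`, `ensure` and `bootstrap` are hypothetical names for an in-memory stand-in.

```python
# Added illustration: in-memory stand-in, not keystone code. All names are hypothetical.
import uuid


class Conflict(Exception):
    """Raised when an entity with the same kind and name already exists."""


class Store:
    """Minimal in-memory identity store keyed by (kind, name)."""

    def __init__(self):
        self.ids = {}             # (kind, name) -> generated id
        self.assignments = set()  # (user_id, project_id, role_id)

    def create(self, kind, name):
        if (kind, name) in self.ids:
            raise Conflict(f"Duplicate Entry: {kind} {name}")
        self.ids[(kind, name)] = uuid.uuid4().hex
        return self.ids[(kind, name)]

    def get_id(self, kind, name):
        return self.ids[(kind, name)]


def ensure(store, kind, name):
    """Create the entity, or fall back to the id of the one that already exists."""
    try:
        return store.create(kind, name)
    except Conflict:
        # A pre-existing role/project/user is not an error for bootstrap;
        # what matters is that the *stored* id is used from here on.
        return store.get_id(kind, name)


def bootstrap(store, username, project_name, role_name):
    """Idempotent bootstrap: the grant always uses ids resolved from the store."""
    user_id = ensure(store, "user", username)
    project_id = ensure(store, "project", project_name)
    role_id = ensure(store, "role", role_name)
    grant = (user_id, project_id, role_id)
    store.assignments.add(grant)  # set semantics: granting again is a no-op
    return grant
```

Running `bootstrap` against a store where the role was created beforehand, or running it twice, yields the same single assignment instead of a `Duplicate Entry` failure.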
