yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #44902
[Bug 1534140] Re: keystone-manage bootstrap failed to create assignment if user/project/role exists
Reviewed: https://review.openstack.org/268738
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cda3853c412a79e0146e248feb315686ca2c7970
Submitter: Jenkins
Branch: master
commit cda3853c412a79e0146e248feb315686ca2c7970
Author: Dave Chen <wei.d.chen@xxxxxxxxx>
Date: Sun Jan 17 15:45:30 2016 +0800
Make sure the assignment creation use the right arguments
`keystone-manage bootstrap` will fail to create the assignment if
project or role exists, this is because the assignment creation
is not using the right role id or project id.
This patch will fix this issue.
Change-Id: I7359cfe8f573ae56556654f1eafcc75079e69ccc
Closes-Bug: #1534140
bp: bootstrap
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1534140
Title:
keystone-manage bootstrap failed to create assignment if
user/project/role exists
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
If `keystone-manage bootstrap` fails with the role already exists
(this may happen if someone use OSC CLI created a role but someone
else want to boostrap a set of `user`, `project` or `role` without
aware of the role has already created.), the project or user can
still be created successfully.
And then if redefine the role, `keystone-manage bootstrap` will still
fail since `user`, `project` have been created, but `keystone-manage
bootstrap` cannot handle with this.
See the example:
dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name admin --bootstrap-password abc123
25784 TRACE keystone details=_('Duplicate Entry'))
25784 TRACE keystone Conflict: Conflict occurred attempting to store role - Duplicate Entry
25784 TRACE keystone
change the role to `bootstrap_role` ...
dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name bootstrap_role --bootstrap-password abc123
25813 TRACE keystone details=_('Duplicate Entry'))
25813 TRACE keystone Conflict: Conflict occurred attempting to store project - Duplicate Entry
25813 TRACE keystone
So, if we want to boostrap again, we need delete project, user manually, this is not friendly to end user.
`keystone-manage bootstrap` should not create any `user`, `project` if the command is not executed successfully.
According to the comments from Morgan, the `user`, `project` or `role`
should be created but the real issue is that assignment cannot be
created if either of them exists, see the comments #2 for the updated.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1534140/+subscriptions
References