
yahoo-eng-team team mailing list archive

[Bug 1615000] Re: Entry to User table creates entries in local_user table for ldap and custom driver users

 

Reviewed:  https://review.openstack.org/357979
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=70e6d58f461bd066a9f149be8ef096884b3ce6b0
Submitter: Jenkins
Branch:    master

commit 70e6d58f461bd066a9f149be8ef096884b3ce6b0
Author: Ronald De Rose <ronald.de.rose@xxxxxxxxx>
Date:   Fri Aug 19 15:40:21 2016 +0000

    Shadowing a nonlocal_user incorrectly creates a local_user
    
    This patch fixes a bug where when shadowing a nonlocal_user (LDAP,
    custom driver) it also incorrectly creates a local_user. The error is
    related to hybrid properties and calling the class from_dict method,
    which set the local_user attributes.
    
    Change-Id: I6e69cce5f337a330f2531ff71db3e931b785271c
    Closes-Bug: #1615000


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1615000

Title:
  Entry to User table creates entries in local_user table for ldap and
  custom driver users

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  This was observed while trying with ldap and custom driver users (not
  sure of the behavior for federated and sql users).

  It's found that after an ldap / custom driver user is configured with OpenStack and a user authentication request is placed (token issue, e.g.), there are entries made into 3 tables:
  - User
  - local_user
  - nonlocal_user

  As seen below, the ldap user name is avni_u1

  MariaDB [keystone]> select * from id_mapping where public_id="b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510";
  +------------------------------------------------------------------+-----------+----------+-------------+
  | public_id                                                        | domain_id | local_id | entity_type |
  +------------------------------------------------------------------+-----------+----------+-------------+
  | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default   | avni_u1  | user        |
  +------------------------------------------------------------------+-----------+----------+-------------+
  1 row in set (0.00 sec)

  MariaDB [keystone]> select * from user;
  +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
  | id                                                               | extra                                           | enabled | default_project_id | created_at          | last_active_at |
  +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
  | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | {"description": "user with admin role"}         |    NULL | NULL               | 2016-08-19 13:32:44 | NULL           |
  +------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
  1 rows in set (0.00 sec)

  MariaDB [keystone]> select * from local_user;
  +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
  | id | user_id                                                          | domain_id                        | name       | failed_auth_count | failed_auth_at |
  +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
  |  1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default                          | avni_u1    |              NULL | NULL           |
  +----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
  1 rows in set (0.00 sec)

  MariaDB [keystone]> select * from nonlocal_user;
  +----------------------------------+------------+------------------------------------------------------------------+
  | domain_id                        | name       | user_id                                                          |
  +----------------------------------+------------+------------------------------------------------------------------+
  | default                          | avni_u1    | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
  +----------------------------------+------------+------------------------------------------------------------------+

  This behavior is probably not new and is caused by
  https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L147

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1615000/+subscriptions
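
A check an operator can run for the condition this bug describes, as an added example that is not part of the bug report or the keystone code base: it lists `local_user` rows whose `user_id` also appears in `nonlocal_user`. The SQLite in-memory database, the reduced column set, the function names and the sample rows are constructed for illustration; only the table and column names come from the output above.

```python
import sqlite3

# Reduced schema: only the columns the check needs, named as in the report.
SCHEMA = """
CREATE TABLE user (id TEXT PRIMARY KEY);
CREATE TABLE local_user (
    id INTEGER PRIMARY KEY, user_id TEXT, domain_id TEXT, name TEXT);
CREATE TABLE nonlocal_user (domain_id TEXT, name TEXT, user_id TEXT);
"""

# A shadowed LDAP / custom driver user belongs in nonlocal_user only, so a
# user_id present in both tables marks a local_user row left by the bug.
SPURIOUS_LOCAL_USERS = """
SELECT l.id, l.user_id, l.domain_id, l.name
FROM local_user AS l
JOIN nonlocal_user AS n ON n.user_id = l.user_id
ORDER BY l.id
"""


def find_spurious_local_users(conn):
    """Return local_user rows that duplicate a nonlocal_user identity."""
    return conn.execute(SPURIOUS_LOCAL_USERS).fetchall()


def build_sample_db():
    """Constructed data: one affected LDAP user, one SQL user, one clean LDAP user."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO user (id) VALUES (?)", [
        ("ldap-affected-constructed",),
        ("sql-user-constructed",),
        ("ldap-clean-constructed",),
    ])
    conn.executemany(
        "INSERT INTO local_user (id, user_id, domain_id, name) VALUES (?, ?, ?, ?)", [
            (1, "ldap-affected-constructed", "default", "avni_u1"),  # spurious row
            (2, "sql-user-constructed", "default", "sql_admin"),     # legitimate row
        ])
    conn.executemany(
        "INSERT INTO nonlocal_user (domain_id, name, user_id) VALUES (?, ?, ?)", [
            ("default", "avni_u1", "ldap-affected-constructed"),
            ("default", "avni_u2", "ldap-clean-constructed"),
        ])
    return conn


if __name__ == "__main__":
    for row in find_spurious_local_users(build_sample_db()):
        print(row)
```

The same `SELECT` can be run as-is against the keystone database shown above, since it reads only `local_user` and `nonlocal_user`.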

