yahoo-eng-team team mailing list archive

[Rodrigo Duarte <rodrigodsousa@xxxxxxxxx>]

Public bug reported:

When authenticating a user via federation, a federated_user entry is
created in keystone's database, an example of such entry is below:

mysql> select * from federated_user;
+----+----------------------------------+----------+-------------+-----------------------+---------------------+
| id | user_id                          | idp_id   | protocol_id | unique_id             | display_name        |
+----+----------------------------------+----------+-------------+-----------------------+---------------------+
|  1 | 15ddf8fda20842c68b99999b6d91d1a7 | testshib | mapped      | myself%40testshib.org | myself@xxxxxxxxxxxx |
+----+----------------------------------+----------+-------------+-----------------------+---------------------+

The federated_user_protocol_id foreign key prevents the protocol
deletion:

Details: An unexpected error prevented the server from fulfilling your
request: (pymysql.err.IntegrityError) (1451, u'Cannot delete or update a
parent row: a foreign key constraint fails (`keystone`.`federated_user`,
CONSTRAINT `federated_user_protocol_id_fkey` FOREIGN KEY (`protocol_id`,
`idp_id`) REFERENCES `federation_protocol` (`id`, `idp_id`))') [SQL:
u'DELETE FROM federation_protocol WHERE federation_protocol.id = %(id)s
AND federation_protocol.idp_id = %(idp_id)s'] [parameters: {'idp_id':
u'testshib', 'id': u'mapped'}]

This can be also happening with the "idp_id" column as well.

This prevents automated tests like [1] to properly work, since it
creates and destroys the identity provider, mapping and protocol during
its execution.

[1] https://review.openstack.org/#/c/324769/

** Affects: keystone
     Importance: Undecided
     Assignee: Ron De Rose (ronald-de-rose)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1642692

Title:
  Protocol can't be deleted after federated_user is created

Status in OpenStack Identity (keystone):
  New

Bug description:
  When authenticating a user via federation, a federated_user entry is
  created in keystone's database, an example of such entry is below:

  mysql> select * from federated_user;
  +----+----------------------------------+----------+-------------+-----------------------+---------------------+
  | id | user_id                          | idp_id   | protocol_id | unique_id             | display_name        |
  +----+----------------------------------+----------+-------------+-----------------------+---------------------+
  |  1 | 15ddf8fda20842c68b99999b6d91d1a7 | testshib | mapped      | myself%40testshib.org | myself@xxxxxxxxxxxx |
  +----+----------------------------------+----------+-------------+-----------------------+---------------------+

  The federated_user_protocol_id foreign key prevents the protocol
  deletion:

  Details: An unexpected error prevented the server from fulfilling your
  request: (pymysql.err.IntegrityError) (1451, u'Cannot delete or update
  a parent row: a foreign key constraint fails
  (`keystone`.`federated_user`, CONSTRAINT
  `federated_user_protocol_id_fkey` FOREIGN KEY (`protocol_id`,
  `idp_id`) REFERENCES `federation_protocol` (`id`, `idp_id`))') [SQL:
  u'DELETE FROM federation_protocol WHERE federation_protocol.id =
  %(id)s AND federation_protocol.idp_id = %(idp_id)s'] [parameters:
  {'idp_id': u'testshib', 'id': u'mapped'}]

  This can be also happening with the "idp_id" column as well.

  This prevents automated tests like [1] to properly work, since it
  creates and destroys the identity provider, mapping and protocol
  during its execution.

  [1] https://review.openstack.org/#/c/324769/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1642692/+subscriptions