yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1642692] Re: Protocol can't be deleted after federated_user is created

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1642692@xxxxxxxxxxxxxxxxxx>
Date: Fri, 13 Jan 2017 18:40:08 -0000
Reply-to: Bug 1642692 <1642692@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/415906
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=45f7ff3918ce8d05585d1c2e1740462e711965fe
Submitter: Jenkins
Branch:    master

commit 45f7ff3918ce8d05585d1c2e1740462e711965fe
Author: Rodrigo Duarte Sousa <rduartes@xxxxxxxxxx>
Date:   Tue Jan 3 10:41:07 2017 -0300

    Cascade delete federated_user fk
    
    The bug was caused by a foreign key in the federated_user table. This
    key prevents a protocol from being deleted after a successful
    authentication has happened (so the creation of a federated user
    via shadowing). We take advantage of the same foreign key by adding the
    cascade delete behavior to it.
    
    Closes-Bug: 1642692
    
    Change-Id: I3b3e265d20f0cfe0ee10c6a274d9bdf4e840b742


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1642692

Title:
  Protocol can't be deleted after federated_user is created

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  When authenticating a user via federation, a federated_user entry is
  created in keystone's database, an example of such entry is below:

  mysql> select * from federated_user;
  +----+----------------------------------+----------+-------------+-----------------------+---------------------+
  | id | user_id                          | idp_id   | protocol_id | unique_id             | display_name        |
  +----+----------------------------------+----------+-------------+-----------------------+---------------------+
  |  1 | 15ddf8fda20842c68b99999b6d91d1a7 | testshib | mapped      | myself%40testshib.org | myself@xxxxxxxxxxxx |
  +----+----------------------------------+----------+-------------+-----------------------+---------------------+

  The federated_user_protocol_id foreign key prevents the protocol
  deletion:

  Details: An unexpected error prevented the server from fulfilling your
  request: (pymysql.err.IntegrityError) (1451, u'Cannot delete or update
  a parent row: a foreign key constraint fails
  (`keystone`.`federated_user`, CONSTRAINT
  `federated_user_protocol_id_fkey` FOREIGN KEY (`protocol_id`,
  `idp_id`) REFERENCES `federation_protocol` (`id`, `idp_id`))') [SQL:
  u'DELETE FROM federation_protocol WHERE federation_protocol.id =
  %(id)s AND federation_protocol.idp_id = %(idp_id)s'] [parameters:
  {'idp_id': u'testshib', 'id': u'mapped'}]

  This can be also happening with the "idp_id" column as well.

  This prevents automated tests like [1] to properly work, since it
  creates and destroys the identity provider, mapping and protocol
  during its execution.

  [1] https://review.openstack.org/#/c/324769/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1642692/+subscriptions

References

[Bug 1642692] [NEW] Protocol can't be deleted after federated_user is created
From: Rodrigo Duarte, 2016-11-17