← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1668563] [NEW] Unclear error when attempting to create duplicate resources with certain names

 

Public bug reported:

When a user accidentally tries to create certain resources they have
already created, if the name of the resource has 'name' or 'id' in the
name, the action fails with a very unclear error message. For example,
when creating a federation mapping:

$ openstack mapping create mapping_with_id_in_the_string --rules rules.json
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value                                                                                                                                                               |   
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id    | mapping_with_id_in_the_string                                                                                                                                       |   
| rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack mapping create mapping_with_id_in_the_string --rules rules.json·
string indices must be integers (HTTP 400) (Request-ID: req-d37fa5f1-f354-45a8-9408-7b2b254b8c41)
$ openstack mapping create mapping_with_name_in_the_string --rules rules.json
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value                                                                                                                                                               |   
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id    | mapping_with_name_in_the_string                                                                                                                                     |   
| rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack mapping create mapping_with_name_in_the_string --rules rules.json·
string indices must be integers (HTTP 400) (Request-ID: req-5efee6af-e924-428e-a929-cee5c8efb48c)

But the error is clearer if the string does not have a special substring
in it:

$ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json·
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value                                                                                                                                                               |   
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id    | mapping_with_nothing_special_in_the_string                                                                                                                          |   
| rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json·
Conflict occurred attempting to store mapping - Duplicate entry. (HTTP 409) (Request-ID: req-8fa12715-7cce-40b7-95f4-92431bb13132)

Similarly for creating a federation protocol with 'id' or 'name' in the
the name of the protocol:

$ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
+-------------------+--------------------------------------------+
| Field             | Value                                      |   
+-------------------+--------------------------------------------+
| id                | protocol_with_id_in_the_string             |   
| identity_provider | google                                     |   
| mapping           | mapping_with_nothing_special_in_the_string |
+-------------------+--------------------------------------------+
$ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
string indices must be integers (HTTP 400) (Request-ID: req-d0659c94-9662-4c57-a230-9e4fbcd33fb0)

Or if the identity provider has 'id' or 'name' in its name:

$ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
+-------------------+--------------------------------------------+
| Field             | Value                                      |   
+-------------------+--------------------------------------------+
| id                | normal_protocol                            |   
| identity_provider | sso_service_with_id_in_the_string          |   
| mapping           | mapping_with_nothing_special_in_the_string |
+-------------------+--------------------------------------------+
$ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
string indices must be integers (HTTP 400) (Request-ID: req-ddafd212-91e3-4ea5-9af0-a3cde6f7398b)

** Affects: keystone
     Importance: Undecided
     Assignee: Colleen Murphy (krinkle)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1668563

Title:
  Unclear error when attempting to create duplicate resources with
  certain names

Status in OpenStack Identity (keystone):
  In Progress

Bug description:
  When a user accidentally tries to create certain resources they have
  already created, if the name of the resource has 'name' or 'id' in the
  name, the action fails with a very unclear error message. For example,
  when creating a federation mapping:

  $ openstack mapping create mapping_with_id_in_the_string --rules rules.json
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |   
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_id_in_the_string                                                                                                                                       |   
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_id_in_the_string --rules rules.json·
  string indices must be integers (HTTP 400) (Request-ID: req-d37fa5f1-f354-45a8-9408-7b2b254b8c41)
  $ openstack mapping create mapping_with_name_in_the_string --rules rules.json
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |   
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_name_in_the_string                                                                                                                                     |   
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_name_in_the_string --rules rules.json·
  string indices must be integers (HTTP 400) (Request-ID: req-5efee6af-e924-428e-a929-cee5c8efb48c)

  But the error is clearer if the string does not have a special
  substring in it:

  $ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json·
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |   
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_nothing_special_in_the_string                                                                                                                          |   
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json·
  Conflict occurred attempting to store mapping - Duplicate entry. (HTTP 409) (Request-ID: req-8fa12715-7cce-40b7-95f4-92431bb13132)

  Similarly for creating a federation protocol with 'id' or 'name' in
  the the name of the protocol:

  $ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
  +-------------------+--------------------------------------------+
  | Field             | Value                                      |   
  +-------------------+--------------------------------------------+
  | id                | protocol_with_id_in_the_string             |   
  | identity_provider | google                                     |   
  | mapping           | mapping_with_nothing_special_in_the_string |
  +-------------------+--------------------------------------------+
  $ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
  string indices must be integers (HTTP 400) (Request-ID: req-d0659c94-9662-4c57-a230-9e4fbcd33fb0)

  Or if the identity provider has 'id' or 'name' in its name:

  $ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
  +-------------------+--------------------------------------------+
  | Field             | Value                                      |   
  +-------------------+--------------------------------------------+
  | id                | normal_protocol                            |   
  | identity_provider | sso_service_with_id_in_the_string          |   
  | mapping           | mapping_with_nothing_special_in_the_string |
  +-------------------+--------------------------------------------+
  $ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
  string indices must be integers (HTTP 400) (Request-ID: req-ddafd212-91e3-4ea5-9af0-a3cde6f7398b)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1668563/+subscriptions


Follow ups