← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1668563] Re: Unclear error when attempting to create duplicate resources with certain names

 

Reviewed:  https://review.openstack.org/438896
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=59d7b1fcd710a0eff289f467bbb82a07037a51b0
Submitter: Jenkins
Branch:    master

commit 59d7b1fcd710a0eff289f467bbb82a07037a51b0
Author: Colleen Murphy <comurphy@xxxxxxxx>
Date:   Tue Feb 28 11:03:40 2017 +0100

    Fix duplicate handling for user-specified IDs
    
    For resources such as federation protocols and federation mappings, the
    database primary keys are ID strings specified by the user creating
    them. If the user created such a resource that happened to have the
    substrings 'id' or 'name' in the identifier, and then by accident tried
    to create it again, it would fail with a message that did not appear to
    relate to the entry being a duplicate:
    
     string indices must be integers (HTTP 400)
    
    This was because the method that is supposed to form a user-friendly
    message receives all the arguments as a tuple and iterates over it,
    looking for a dictionary with the keys 'id' or 'name' to figure out what
    was trying to be duplicated. However, it can't distinguish between a
    dictionary with 'id' or 'name' as a key and a string with 'id' or 'name'
    as a substring, and trips if it finds such a string. This logic for
    looking for 'id', 'name', or 'domain_id' in an object really only makes
    sense if the object is a dict, so this patch adds a check to ensure it
    is a dict before looking for keys in it.
    
    Change-Id: If3c23a28eb5594efaa49c6a15d8db11cfc8d9057
    Closes-bug: #1668563


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1668563

Title:
  Unclear error when attempting to create duplicate resources with
  certain names

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  When a user accidentally tries to create certain resources they have
  already created, if the name of the resource has 'name' or 'id' in the
  name, the action fails with a very unclear error message. For example,
  when creating a federation mapping:

  $ openstack mapping create mapping_with_id_in_the_string --rules rules.json
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |   
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_id_in_the_string                                                                                                                                       |   
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_id_in_the_string --rules rules.json·
  string indices must be integers (HTTP 400) (Request-ID: req-d37fa5f1-f354-45a8-9408-7b2b254b8c41)
  $ openstack mapping create mapping_with_name_in_the_string --rules rules.json
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |   
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_name_in_the_string                                                                                                                                     |   
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_name_in_the_string --rules rules.json·
  string indices must be integers (HTTP 400) (Request-ID: req-5efee6af-e924-428e-a929-cee5c8efb48c)

  But the error is clearer if the string does not have a special
  substring in it:

  $ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json·
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |   
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_nothing_special_in_the_string                                                                                                                          |   
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json·
  Conflict occurred attempting to store mapping - Duplicate entry. (HTTP 409) (Request-ID: req-8fa12715-7cce-40b7-95f4-92431bb13132)

  Similarly for creating a federation protocol with 'id' or 'name' in
  the the name of the protocol:

  $ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
  +-------------------+--------------------------------------------+
  | Field             | Value                                      |   
  +-------------------+--------------------------------------------+
  | id                | protocol_with_id_in_the_string             |   
  | identity_provider | google                                     |   
  | mapping           | mapping_with_nothing_special_in_the_string |
  +-------------------+--------------------------------------------+
  $ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
  string indices must be integers (HTTP 400) (Request-ID: req-d0659c94-9662-4c57-a230-9e4fbcd33fb0)

  Or if the identity provider has 'id' or 'name' in its name:

  $ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
  +-------------------+--------------------------------------------+
  | Field             | Value                                      |   
  +-------------------+--------------------------------------------+
  | id                | normal_protocol                            |   
  | identity_provider | sso_service_with_id_in_the_string          |   
  | mapping           | mapping_with_nothing_special_in_the_string |
  +-------------------+--------------------------------------------+
  $ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
  string indices must be integers (HTTP 400) (Request-ID: req-ddafd212-91e3-4ea5-9af0-a3cde6f7398b)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1668563/+subscriptions


References