yahoo-eng-team team mailing list archive
Message #62017
[Bug 1668563] Re: Unclear error when attempting to create duplicate resources with certain names
Reviewed: https://review.openstack.org/438896
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=59d7b1fcd710a0eff289f467bbb82a07037a51b0
Submitter: Jenkins
Branch: master
commit 59d7b1fcd710a0eff289f467bbb82a07037a51b0
Author: Colleen Murphy <comurphy@xxxxxxxx>
Date: Tue Feb 28 11:03:40 2017 +0100
Fix duplicate handling for user-specified IDs
For resources such as federation protocols and federation mappings, the
database primary keys are ID strings specified by the user creating
them. If the user created such a resource that happened to have the
substrings 'id' or 'name' in the identifier, and then by accident tried
to create it again, it would fail with a message that did not appear to
relate to the entry being a duplicate:
string indices must be integers (HTTP 400)
This was because the method that is supposed to form a user-friendly
message receives all the arguments as a tuple and iterates over it,
looking for a dictionary with the keys 'id' or 'name' to figure out what
was trying to be duplicated. However, it can't distinguish between a
dictionary with 'id' or 'name' as a key and a string with 'id' or 'name'
as a substring, and trips if it finds such a string. This logic for
looking for 'id', 'name', or 'domain_id' in an object really only makes
sense if the object is a dict, so this patch adds a check to ensure it
is a dict before looking for keys in it.
Change-Id: If3c23a28eb5594efaa49c6a15d8db11cfc8d9057
Closes-bug: #1668563
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1668563
Title:
Unclear error when attempting to create duplicate resources with
certain names
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
When a user accidentally tries to create certain resources they have
already created, if the name of the resource has 'name' or 'id' in the
name, the action fails with a very unclear error message. For example,
when creating a federation mapping:
$ openstack mapping create mapping_with_id_in_the_string --rules rules.json
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id | mapping_with_id_in_the_string |
| rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack mapping create mapping_with_id_in_the_string --rules rules.json
string indices must be integers (HTTP 400) (Request-ID: req-d37fa5f1-f354-45a8-9408-7b2b254b8c41)
$ openstack mapping create mapping_with_name_in_the_string --rules rules.json
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id | mapping_with_name_in_the_string |
| rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack mapping create mapping_with_name_in_the_string --rules rules.json
string indices must be integers (HTTP 400) (Request-ID: req-5efee6af-e924-428e-a929-cee5c8efb48c)
But the error is clearer if the string does not have a special
substring in it:
$ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id | mapping_with_nothing_special_in_the_string |
| rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
+-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
$ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json
Conflict occurred attempting to store mapping - Duplicate entry. (HTTP 409) (Request-ID: req-8fa12715-7cce-40b7-95f4-92431bb13132)
Similarly for creating a federation protocol with 'id' or 'name' in
the name of the protocol:
$ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
+-------------------+--------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------+
| id | protocol_with_id_in_the_string |
| identity_provider | google |
| mapping | mapping_with_nothing_special_in_the_string |
+-------------------+--------------------------------------------+
$ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
string indices must be integers (HTTP 400) (Request-ID: req-d0659c94-9662-4c57-a230-9e4fbcd33fb0)
Or if the identity provider has 'id' or 'name' in its name:
$ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
+-------------------+--------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------+
| id | normal_protocol |
| identity_provider | sso_service_with_id_in_the_string |
| mapping | mapping_with_nothing_special_in_the_string |
+-------------------+--------------------------------------------+
$ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
string indices must be integers (HTTP 400) (Request-ID: req-ddafd212-91e3-4ea5-9af0-a3cde6f7398b)
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1668563/+subscriptions
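The failure mode the commit message describes, reduced to a runnable sketch. This is an added example, not keystone's code: the function names, message text and the `(status, message)` return shape are hypothetical, and the inputs are constructed from the IDs in the bug report.

```python
# Added illustration; function names and return shapes are hypothetical.

def describe_duplicate_unsafe(args):
    """Pre-fix shape: `in` is a key test on a dict, a substring test on a str."""
    for arg in args:
        for field in ('name', 'id'):
            if field in arg:                 # True for 'mapping_with_id_...'
                return 'Duplicate entry found with %s %s' % (field, arg[field])
    return 'Duplicate entry'


def describe_duplicate_safe(args):
    """Post-fix shape: only dicts are inspected for 'name' / 'id' keys."""
    for arg in args:
        if not isinstance(arg, dict):
            continue
        for field in ('name', 'id'):
            if field in arg:
                return 'Duplicate entry found with %s %s' % (field, arg[field])
    return 'Duplicate entry'


def duplicate_response(describe, *args):
    """Model the API layer: a clean conflict is 409; a TypeError raised while
    building the message surfaces as a 400 carrying the raw exception text."""
    try:
        return 409, describe(args)
    except TypeError as exc:
        return 400, str(exc)


# Constructed inputs mirroring the bug report: (user-chosen ID, request body).
BODY = {'rules': []}
CASES = [
    ('mapping_with_id_in_the_string', BODY),
    ('mapping_with_name_in_the_string', BODY),
    ('mapping_with_nothing_special_in_the_string', BODY),
]

if __name__ == '__main__':
    for case in CASES:
        print(case[0])
        print('  before:', duplicate_response(describe_duplicate_unsafe, *case))
        print('  after: ', duplicate_response(describe_duplicate_safe, *case))
```

The same type guard belongs on any handler that walks positional arguments containing caller-supplied strings, since an unhandled exception there replaces the intended 409 with a raw internal error string.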