yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #63933
[Bug 1690782] [NEW] Role assignment list with name resolution fails if a project contains a disabled AD user
Public bug reported:
If you have configured keystone with an LDAP backend, and you have
project with a disabled AD user as a member, the "openstack role
assignment list --project <id> --names" command will fail with a HTTP
404 response, beacause it can't resolve the name of the disabled user.
Example:
larserik@manager:~$ openstack role assignment list --project 9a71b116d24747e19671ed4f28bfd512 -f value
9fe2ff9ee4384b1894a90878d3e92bab 3e2e82db86d8423db18595a2a5dd926a 9a71b116d24747e19671ed4f28bfd512 False
9fe2ff9ee4384b1894a90878d3e92bab 83b6168d45c9362ce1ec257c224887428ba76d9f70d6f634c7ebb08b9cbd2cf3 9a71b116d24747e19671ed4f28bfd512 False
With --names:
larserik@manager:~$ openstack role assignment list --project 9a71b116d24747e19671ed4f28bfd512 --names -f value
Could not find user: <redacted username> (HTTP 404) (Request-ID: req-b7389d49-d60d-49b1-a0af-dd9ced9ba3da)
What's kind of strange, is that the 404 response actually contains the
username it can't find.
python-keystone 2:9.0.0-0ubuntu1~cloud0
python-keystoneclient 1:2.3.1-2~cloud0
python-openstackclient 2.3.0-2~cloud0
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1690782
Title:
Role assignment list with name resolution fails if a project contains
a disabled AD user
Status in OpenStack Identity (keystone):
New
Bug description:
If you have configured keystone with an LDAP backend, and you have
project with a disabled AD user as a member, the "openstack role
assignment list --project <id> --names" command will fail with a HTTP
404 response, beacause it can't resolve the name of the disabled user.
Example:
larserik@manager:~$ openstack role assignment list --project 9a71b116d24747e19671ed4f28bfd512 -f value
9fe2ff9ee4384b1894a90878d3e92bab 3e2e82db86d8423db18595a2a5dd926a 9a71b116d24747e19671ed4f28bfd512 False
9fe2ff9ee4384b1894a90878d3e92bab 83b6168d45c9362ce1ec257c224887428ba76d9f70d6f634c7ebb08b9cbd2cf3 9a71b116d24747e19671ed4f28bfd512 False
With --names:
larserik@manager:~$ openstack role assignment list --project 9a71b116d24747e19671ed4f28bfd512 --names -f value
Could not find user: <redacted username> (HTTP 404) (Request-ID: req-b7389d49-d60d-49b1-a0af-dd9ced9ba3da)
What's kind of strange, is that the 404 response actually contains the
username it can't find.
python-keystone 2:9.0.0-0ubuntu1~cloud0
python-keystoneclient 1:2.3.1-2~cloud0
python-openstackclient 2.3.0-2~cloud0
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1690782/+subscriptions
Follow ups