yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #64696
[Bug 1684820] Re: GET /role_assignments?include_names API is blocked with 404 error when a user doesn't exists in identity backend
** Changed in: keystone/ocata
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1684820
Title:
GET /role_assignments?include_names API is blocked with 404 error when
a user doesn't exists in identity backend
Status in OpenStack Identity (keystone):
Fix Released
Status in OpenStack Identity (keystone) ocata series:
Fix Released
Bug description:
In an environment like ldap server as identity backend, where users
are assigned roles it insert records in keystone.assignment table.
After a while if an admin removes one of the user say "user1" from
identity backend, role assignment still persists in
keystone.assignment table for "user1".
So when a someone invokes [0], it fetches all role assignments at [1],
then tries to get usernames at [2] by iterating though each of the
user_id in resultant role assignments at [3]. since "user1" doesn't
exits, it is throwing "Could not find user: user1." with 404 error
which we need to handle it.
[0] GET /v3/role_assignments?effective&include_names&scope.project.id=proj1
[1] https://github.com/openstack/keystone/blob/master/keystone/assignment/core.py#L918
[2] https://github.com/openstack/keystone/blob/master/keystone/assignment/core.py#L928
[3] https://github.com/openstack/keystone/blob/master/keystone/assignment/core.py#L941
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1684820/+subscriptions
References
