yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #73547
[Bug 1778989] [NEW] Keystone client is unable to correctly look up names of federated users
Public bug reported:
When looking up a user in a domain, one can generally do this:
openstack user show --domain testdomain testuser
Unfortunately, if testuser is a federated user, the above command will
fail. For example:
$ openstack domain list -c ID -c Name
+----------------------------------+----------------------------------+
| ID | Name |
+----------------------------------+----------------------------------+
| 2b47931027ef4b9e914ab158ef77ae07 | testdomain |
| 3cb3f05971c243f08ec4715f228876f1 | heat_stack |
| 6657bdf192594898a1b9b846296c5141 | 6657bdf192594898a1b9b846296c5141 |
| default | Default |
+----------------------------------+----------------------------------+
In the above, 6657bdf192594898a1b9b846296c5141 is a domain for federated
users that was auto-generated for an identity provider. There is one
user in the domain:
$ openstack user list --domain 6657bdf192594898a1b9b846296c5141
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 428641fc53664e3ba66bd52ff64ce37e | larsks |
+----------------------------------+--------+
But the following command fails:
$ openstack user show --domain 6657bdf192594898a1b9b846296c5141 larsks
No user with a name or ID of 'larsks' exists.
** Affects: keystone
Importance: Medium
Status: Confirmed
** Description changed:
- When looking up a user in a domain, when can generally do this:
+ When looking up a user in a domain, one can generally do this:
- openstack user show --domain testdomain testuser
+ openstack user show --domain testdomain testuser
Unfortunately, if testuser is a federated user, the above command will
fail. For example:
- $ openstack domain list -c ID -c Name
- +----------------------------------+----------------------------------+
- | ID | Name |
- +----------------------------------+----------------------------------+
- | 2b47931027ef4b9e914ab158ef77ae07 | testdomain |
- | 3cb3f05971c243f08ec4715f228876f1 | heat_stack |
- | 6657bdf192594898a1b9b846296c5141 | 6657bdf192594898a1b9b846296c5141 |
- | default | Default |
- +----------------------------------+----------------------------------+
+ $ openstack domain list -c ID -c Name
+ +----------------------------------+----------------------------------+
+ | ID | Name |
+ +----------------------------------+----------------------------------+
+ | 2b47931027ef4b9e914ab158ef77ae07 | testdomain |
+ | 3cb3f05971c243f08ec4715f228876f1 | heat_stack |
+ | 6657bdf192594898a1b9b846296c5141 | 6657bdf192594898a1b9b846296c5141 |
+ | default | Default |
+ +----------------------------------+----------------------------------+
In the above, 6657bdf192594898a1b9b846296c5141 is a domain for federated
users that was auto-generated for an identity provider. There is one
user in the domain:
- $ openstack user list --domain 6657bdf192594898a1b9b846296c5141
- +----------------------------------+--------+
- | ID | Name |
- +----------------------------------+--------+
- | 428641fc53664e3ba66bd52ff64ce37e | larsks |
- +----------------------------------+--------+
+ $ openstack user list --domain 6657bdf192594898a1b9b846296c5141
+ +----------------------------------+--------+
+ | ID | Name |
+ +----------------------------------+--------+
+ | 428641fc53664e3ba66bd52ff64ce37e | larsks |
+ +----------------------------------+--------+
But the following command fails:
- $ openstack user show --domain 6657bdf192594898a1b9b846296c5141 larsks
- No user with a name or ID of 'larsks' exists.
+ $ openstack user show --domain 6657bdf192594898a1b9b846296c5141 larsks
+ No user with a name or ID of 'larsks' exists.
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1778989
Title:
Keystone client is unable to correctly look up names of federated
users
Status in OpenStack Identity (keystone):
Confirmed
Bug description:
When looking up a user in a domain, one can generally do this:
openstack user show --domain testdomain testuser
Unfortunately, if testuser is a federated user, the above command will
fail. For example:
$ openstack domain list -c ID -c Name
+----------------------------------+----------------------------------+
| ID | Name |
+----------------------------------+----------------------------------+
| 2b47931027ef4b9e914ab158ef77ae07 | testdomain |
| 3cb3f05971c243f08ec4715f228876f1 | heat_stack |
| 6657bdf192594898a1b9b846296c5141 | 6657bdf192594898a1b9b846296c5141 |
| default | Default |
+----------------------------------+----------------------------------+
In the above, 6657bdf192594898a1b9b846296c5141 is a domain for
federated users that was auto-generated for an identity provider.
There is one user in the domain:
$ openstack user list --domain 6657bdf192594898a1b9b846296c5141
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 428641fc53664e3ba66bd52ff64ce37e | larsks |
+----------------------------------+--------+
But the following command fails:
$ openstack user show --domain 6657bdf192594898a1b9b846296c5141 larsks
No user with a name or ID of 'larsks' exists.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1778989/+subscriptions
Follow ups
