yahoo-eng-team team mailing list archive

[Bug 1641639] Re: use mapping_id for shadow users

 

Reviewed:  https://review.openstack.org/605169
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cbcccb9ecadc37d45a66b87cd80e2fd7ee3de3f7
Submitter: Zuul
Branch:    master

commit cbcccb9ecadc37d45a66b87cd80e2fd7ee3de3f7
Author: Adam Young <ayoung@xxxxxxxxxx>
Date:   Tue Sep 25 14:17:28 2018 -0400

    Replace UUID with id_generator for Federated users
    
    The LDAP code has long had a swappable backend to generate
    the user IDs that map from LDAP to SQL.  The Federated code
    was supposed to use the same mechanism, but it ended up
    generating a UUID for the userid instead.  This is a backwards
    compatible change that converts the Federated UserIDs to a
    sha256 hash of the same 3 pieces of data that LDAP now uses:
    the domain_id, the unique ID from the Federated backend, and
    the entity type (User).
    
    This code is tested via
    tox -e py35 -- keystone.tests.unit.test_shadow_users
    
    Longer IDs show up in some of the Federation tests
    
    closes-bug: 1641639
    
    Change-Id: Ica21c54c1fcc9b44e4935718c8903237d0857120


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1641639

Title:
  use mapping_id for shadow users

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Currently, shadow users are created for users that log in through
  federation. New "local_user" accounts are created with a new UUID.
  Rather than creating a new UUID, we should re-use the mapping_id
  backend that was employed with LDAP users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1641639/+subscriptions
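
The difference between a random per-login ID and an ID derived from the three inputs the commit message names (domain_id, the unique ID from the federated backend, the entity type), as an added example that is not keystone's code and is not part of the original message. The function names, the sample values, the "user" literal, the uuid4 hex form of the old IDs and the length-prefixed field encoding are assumptions of this example; the page does not say how keystone encodes the fields before hashing.

```python
import hashlib
import uuid


def _encode_fields(*fields):
    """Length-prefix each UTF-8 field so field boundaries stay unambiguous."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def derive_public_id(domain_id, local_id, entity_type="user"):
    """Deterministic ID: the same three inputs always give the same 64 hex chars."""
    return hashlib.sha256(_encode_fields(domain_id, local_id, entity_type)).hexdigest()


def naive_public_id(domain_id, local_id, entity_type="user"):
    """Plain concatenation, kept only to contrast with the length-prefixed form."""
    joined = (domain_id + local_id + entity_type).encode("utf-8")
    return hashlib.sha256(joined).hexdigest()


def random_public_id():
    """UUID-style ID as in the bug description: a new value on every call."""
    return uuid.uuid4().hex


def demo():
    # Constructed sample values, not taken from the page.
    domain, unique = "d0main1", "alice@idp.example"
    return {
        # Re-creating the shadow user yields the same ID.
        "stable": derive_public_id(domain, unique) == derive_public_id(domain, unique),
        # A random ID changes each time the user is created.
        "random_differs": random_public_id() != random_public_id(),
        # 32 hex chars before, 64 after: the "longer IDs" the commit mentions.
        "lengths": (len(random_public_id()), len(derive_public_id(domain, unique))),
        # Without field boundaries, ("ab", "c") and ("a", "bc") hash identically.
        "naive_collides": naive_public_id("ab", "c") == naive_public_id("a", "bc"),
        "prefixed_collides": derive_public_id("ab", "c") == derive_public_id("a", "bc"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```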
