yahoo-eng-team team mailing list archive
Message #83360
[Bug 1844616] [NEW] federated user creation creates duplicates of existing user accounts
You have been subscribed to a public bug:
Keystone 15.0.0-0ubuntu1~cloud0
DISTRIB_CODENAME=bionic
Charm cs:keystone-306 keystone-saml-mellon-3
We had a situation where two user accounts were found with the same name
and user ID in both the local_user and federated_user table. This meant
that running `openstack user show --domain mydomain username2` would
fail with "More than one user exists with the name 'username2'".
Listing users would show only one user account, and using the user uuid
to 'user show' was working fine.
I ended up removing the two rows from local_user to work around this.
The bug, however, is that federated users with the same name as one that
was already located in local_user shouldn't be created like that.
mysql> select * from local_user;
+-----+----------------------------------+----------------------------------+-------------------------------+-------------------+----------------+
| id | user_id | domain_id | name | failed_auth_count | failed_auth_at |
+-----+----------------------------------+----------------------------------+-------------------------------+-------------------+----------------+
| 3 | 1e0099400dd34adeba2ed6751064227a | 87fb238ef6d0430cbda59b08e3a1ea82 | admin | 0 | NULL |
| 6 | 8840d047cca346e6a00e435306f72ffc | a1effaa626284677ade0fbe3e85c59bd | cinderv2_cinderv3 | 0 | NULL |
| 9 | d71b70de0cdd4beba2e5f1d3842c93b1 | fa58dfa26889413e85b4855837952b74 | cinderv2_cinderv3 | 0 | NULL |
| 12 | d0750dcc890543918fe043eb5782e0ed | a1effaa626284677ade0fbe3e85c59bd | gnocchi | 0 | NULL |
| 15 | c870e8dc427841c08fbba94b824f5765 | fa58dfa26889413e85b4855837952b74 | gnocchi | 0 | NULL |
| 18 | 964d6a7b3d8d4a49ac2ef2accd5350d3 | a1effaa626284677ade0fbe3e85c59bd | neutron | 0 | NULL |
| 21 | e1e77e91a9ed4dde8230d80b752d4f5c | fa58dfa26889413e85b4855837952b74 | neutron | 0 | NULL |
| 24 | d090c19794dd4f27b08deab6713bd4ac | a1effaa626284677ade0fbe3e85c59bd | nova_placement | 0 | NULL |
| 27 | 9fbb011ce1fc495ebf716d5cb56cd007 | fa58dfa26889413e85b4855837952b74 | nova_placement | 0 | NULL |
| 30 | 1bad96de0fcd41a3b30d2c4e4ad9bb05 | a1effaa626284677ade0fbe3e85c59bd | octavia | 0 | NULL |
| 33 | f4da2edc5e8f461b8d71eee67eabe4c2 | fa58dfa26889413e85b4855837952b74 | octavia | 0 | NULL |
| 36 | a4d97a3a5a6644eb92848b9ea40ba71f | a1effaa626284677ade0fbe3e85c59bd | barbican | 0 | NULL |
| 39 | 4d827a03abb24855b6cc37602fe346a5 | fa58dfa26889413e85b4855837952b74 | barbican | 0 | NULL |
| 42 | 63b4389e35e446199b4e6a57a789e89c | a1effaa626284677ade0fbe3e85c59bd | aodh | 0 | NULL |
| 45 | 3222d274dd0347a080b5371a348356b3 | fa58dfa26889413e85b4855837952b74 | aodh | 0 | NULL |
| 48 | 957f4a409dec46c6b44f38a80949f7d1 | a1effaa626284677ade0fbe3e85c59bd | swift | 0 | NULL |
| 51 | 8a89ed1cd1984814b544070295a2854f | fa58dfa26889413e85b4855837952b74 | swift | 0 | NULL |
| 54 | 1ee61ad58f0948eab3c43fdf95790dcd | a1effaa626284677ade0fbe3e85c59bd | designate | 0 | NULL |
| 57 | 32475aeb4dc0469080581f9acc9f7905 | fa58dfa26889413e85b4855837952b74 | designate | 0 | NULL |
| 60 | 79b9411206524f00b0d05d3112a03840 | a1effaa626284677ade0fbe3e85c59bd | glance | 0 | NULL |
| 63 | 35257eb811d84e0091381e74d4fbca21 | fa58dfa26889413e85b4855837952b74 | glance | 0 | NULL |
| 66 | d07d3c3c619c4478b196bb81b8a4ced5 | a1effaa626284677ade0fbe3e85c59bd | heat_heat-cfn | 0 | NULL |
| 69 | 5f35abc07a2141d1aad22c3beb59c802 | fa58dfa26889413e85b4855837952b74 | heat_heat-cfn | 0 | NULL |
| 72 | 6a615b68427a480a98cca6807ba2388d | fa58dfa26889413e85b4855837952b74 | nagios | 0 | NULL |
| 75 | 82762b9e71b0423888833e3a13df80ff | fa58dfa26889413e85b4855837952b74 | prometheus-openstack-exporter | 0 | NULL |
| 78 | 0f04dc8d78e045c0915cf9a08a53aa96 | fa58dfa26889413e85b4855837952b74 | ceilometer | 0 | NULL |
| 81 | d3b07f907b454f7294bbf168c28c38aa | 12ba878696e54f7c91a2ef9001d93e99 | heat_domain_admin | 0 | NULL |
| 84 | e367233542454164ac8b90dc1722d9f2 | 87fb238ef6d0430cbda59b08e3a1ea82 | cloudadmin | 0 | NULL |
| 141 | 77e255c3967c400a8a8d7de55338d09b | 6d4704c1a6164c70a4763ac886bcf228 | landscape | NULL | NULL |
| 165 | 713a08bae9dc4640ace34da1cffb2b77 | 6d4704c1a6164c70a4763ac886bcf228 | domainadmin | 0 | NULL |
| 168 | e17783fa996a4ff9b4563c9d69360c86 | 6d4704c1a6164c70a4763ac886bcf228 | username1 | 0 | NULL |
| 171 | f110007ded3548efaf46e89146951524 | 6d4704c1a6164c70a4763ac886bcf228 | username2 | 0 | NULL |
| 175 | af7dd6f186a3407f9f200bc40c51eeb6 | 6d4704c1a6164c70a4763ac886bcf228 | demouser | 0 | NULL |
+-----+----------------------------------+----------------------------------+-------------------------------+-------------------+----------------+
mysql> select * from federated_user;
+----+----------------------------------+----------+-------------+-------------------------------+-----------------------------+
| id | user_id | idp_id | protocol_id | unique_id | display_name |
+----+----------------------------------+----------+-------------+-------------------------------+-----------------------------+
| 3 | e17783fa996a4ff9b4563c9d69360c86 | fs-domain | mapped | username1 | username1 |
| 6 | af0c5dd0f10b46d89189a5b004829d11 | fs-domain | mapped | username3 | username3 |
| 51 | f110007ded3548efaf46e89146951524 | fs-domain | mapped | username2 | username2 |
| 52 | abdbfae630834c0a92385620a283760d | fs-domain | mapped | username4 | username4 |
+----+----------------------------------+----------+-------------+-------------------------------+-----------------------------+
** Affects: keystone
Importance: Undecided
Status: New
** Tags: canonical-bootstack
--
federated user creation creates duplicates of existing user accounts
https://bugs.launchpad.net/bugs/1844616
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).
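
A check an operator could run for the condition reported above, added here as an illustration and not part of the original bug report or of Keystone's code: it lists every user_id that has a row in both local_user and federated_user. The SQLite schema is a reduced assumption built from the columns shown in the report, the rows are a subset copied from it, and the function names are hypothetical.

```python
import sqlite3

# Standard SQL over the columns visible in the report's `select *` output.
DUAL_IDENTITY_SQL = """
SELECT l.user_id, l.name, l.domain_id, f.idp_id, f.protocol_id, f.unique_id
FROM local_user AS l
JOIN federated_user AS f ON f.user_id = l.user_id
ORDER BY l.name
"""
COLS = ("user_id", "name", "domain_id", "idp_id", "protocol_id", "unique_id")

DOMAIN = "6d4704c1a6164c70a4763ac886bcf228"
U1 = "e17783fa996a4ff9b4563c9d69360c86"  # username1 in the report
U2 = "f110007ded3548efaf46e89146951524"  # username2 in the report


def build_sample_db():
    """In-memory SQLite copy of a subset of the rows shown in the report.
    The schema is a reduced assumption, not Keystone's real DDL."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE local_user (id INTEGER PRIMARY KEY, user_id TEXT,
                                 domain_id TEXT, name TEXT);
        CREATE TABLE federated_user (id INTEGER PRIMARY KEY, user_id TEXT,
                                     idp_id TEXT, protocol_id TEXT,
                                     unique_id TEXT, display_name TEXT);
    """)
    conn.executemany("INSERT INTO local_user VALUES (?, ?, ?, ?)", [
        (165, "713a08bae9dc4640ace34da1cffb2b77", DOMAIN, "domainadmin"),
        (168, U1, DOMAIN, "username1"),
        (171, U2, DOMAIN, "username2"),
        (175, "af7dd6f186a3407f9f200bc40c51eeb6", DOMAIN, "demouser"),
    ])
    conn.executemany("INSERT INTO federated_user VALUES (?, ?, ?, ?, ?, ?)", [
        (3, U1, "fs-domain", "mapped", "username1", "username1"),
        (6, "af0c5dd0f10b46d89189a5b004829d11", "fs-domain", "mapped",
         "username3", "username3"),
        (51, U2, "fs-domain", "mapped", "username2", "username2"),
        (52, "abdbfae630834c0a92385620a283760d", "fs-domain", "mapped",
         "username4", "username4"),
    ])
    return conn


def find_dual_identity_users(conn):
    """Return one dict per user_id present in both identity tables."""
    return [dict(zip(COLS, row)) for row in conn.execute(DUAL_IDENTITY_SQL)]


if __name__ == "__main__":
    for hit in find_dual_identity_users(build_sample_db()):
        print(hit["name"], hit["user_id"], "local +", hit["idp_id"])
```

On the sample rows this flags username1 and username2, the two accounts that appear in both tables in the report.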