yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #93001
[Bug 2040299] [NEW] GET /v3/users?name=NAME returns duplicate
Public bug reported:
GET /v3/users?name=<USER_NAME> will return duplicates if the user have
federated data
I have a federated local user in the default domain:
REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec
RESP: 200: OK
{
"user": {
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"federated": [
{
"idp_id": "eduid",
"protocols": [
{
"protocol_id": "openid",
"unique_id": "613248723467843876@xxxxxxxxxxxxxx"
}
]
}
],
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
}
}
But when I try to get the user by name, it is returned twice:
REQ: GET https://identity/v3/users?name=federated-user
RESP: 200: OK
{
"users": [
{
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
},
{
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
}
],
"links": {
"next": null,
"self": "https://identity/v3/users?name=federated-user";,
"previous": null
}
}
The same problem with the openstack CLI:
$ openstack user show federated-user
More than one user exists with the name 'federated-user'.
Why does this append?
Why is the user by name returned twice?
This is braking a lot of python code base on OpenstackSDK, typically the
code:
api = openstack.connect()
user = api.identity.find_user('federated-user')
will throw an exception!
** Affects: keystone
Importance: Undecided
Status: New
** Description changed:
I have a federated local user in the default domain:
REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec
RESP: 200: OK
{
- "user": {
- "description": "Local federated user",
- "email": "federated-user@xxxxxxxxxx",
- "id": "91665ebad88b497cb90eaf4f856357ec",
- "name": "federated-user",
- "domain_id": "default",
- "enabled": true,
- "password_expires_at": null,
- "options": {},
- "federated": [
- {
- "idp_id": "eduid",
- "protocols": [
- {
- "protocol_id": "openid",
- "unique_id": "613248723467843876@xxxxxxxxxxxxxx"
- }
- ]
- }
- ],
- "links": {
- "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
- }
- }
+ "user": {
+ "description": "Local federated user",
+ "email": "federated-user@xxxxxxxxxx",
+ "id": "91665ebad88b497cb90eaf4f856357ec",
+ "name": "federated-user",
+ "domain_id": "default",
+ "enabled": true,
+ "password_expires_at": null,
+ "options": {},
+ "federated": [
+ {
+ "idp_id": "eduid",
+ "protocols": [
+ {
+ "protocol_id": "openid",
+ "unique_id": "613248723467843876@xxxxxxxxxxxxxx"
+ }
+ ]
+ }
+ ],
+ "links": {
+ "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
+ }
+ }
}
But when I try to get the user by name, it is returned twice:
- REQ: GET https://identity.api.test1.cloud.switch.ch/v3/users?name=valery.tschopp@xxxxxxxxx
+ REQ: GET https://identity/v3/users?name=federated-user
RESP: 200: OK
{
- "users": [
- {
- "description": "Local federated user",
- "email": "federated-user@xxxxxxxxxx",
- "id": "91665ebad88b497cb90eaf4f856357ec",
- "name": "federated-user",
- "domain_id": "default",
- "enabled": true,
- "password_expires_at": null,
- "options": {},
- "links": {
- "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
- }
- },
- {
- "description": "Local federated user",
- "email": "federated-user@xxxxxxxxxx",
- "id": "91665ebad88b497cb90eaf4f856357ec",
- "name": "federated-user",
- "domain_id": "default",
- "enabled": true,
- "password_expires_at": null,
- "options": {},
- "links": {
- "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
- }
- }
- ],
- "links": {
- "next": null,
- "self": "https://identity.api.test1.cloud.switch.ch/v3/users?name=valery.tschopp@xxxxxxxxx";,
- "previous": null
- }
+ "users": [
+ {
+ "description": "Local federated user",
+ "email": "federated-user@xxxxxxxxxx",
+ "id": "91665ebad88b497cb90eaf4f856357ec",
+ "name": "federated-user",
+ "domain_id": "default",
+ "enabled": true,
+ "password_expires_at": null,
+ "options": {},
+ "links": {
+ "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
+ }
+ },
+ {
+ "description": "Local federated user",
+ "email": "federated-user@xxxxxxxxxx",
+ "id": "91665ebad88b497cb90eaf4f856357ec",
+ "name": "federated-user",
+ "domain_id": "default",
+ "enabled": true,
+ "password_expires_at": null,
+ "options": {},
+ "links": {
+ "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
+ }
+ }
+ ],
+ "links": {
+ "next": null,
+ "self": "https://identity.api.test1.cloud.switch.ch/v3/users?name=federated-user";,
+ "previous": null
+ }
}
The same problem with the openstack CLI:
- $ openstack user show valery.tschopp@xxxxxxxxx
- More than one user exists with the name 'valery.tschopp@xxxxxxxxx'.
-
+ $ openstack user show federated-user
+ More than one user exists with the name 'federated-user'.
Why does this append? And why is the user by name returned twice?
** Description changed:
I have a federated local user in the default domain:
REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec
RESP: 200: OK
{
"user": {
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"federated": [
{
"idp_id": "eduid",
"protocols": [
{
"protocol_id": "openid",
"unique_id": "613248723467843876@xxxxxxxxxxxxxx"
}
]
}
],
"links": {
- "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
+ "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
}
}
But when I try to get the user by name, it is returned twice:
REQ: GET https://identity/v3/users?name=federated-user
RESP: 200: OK
{
"users": [
{
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"links": {
- "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
+ "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
},
{
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"links": {
- "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec";
+ "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
}
],
"links": {
"next": null,
- "self": "https://identity.api.test1.cloud.switch.ch/v3/users?name=federated-user";,
+ "self": "https://identity/v3/users?name=federated-user";,
"previous": null
}
}
The same problem with the openstack CLI:
$ openstack user show federated-user
More than one user exists with the name 'federated-user'.
Why does this append? And why is the user by name returned twice?
** Description changed:
+ GET /v3/users?name=<USER_NAME> will return duplicates if the user have
+ federated data
+
+
I have a federated local user in the default domain:
REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec
RESP: 200: OK
{
"user": {
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"federated": [
{
"idp_id": "eduid",
"protocols": [
{
"protocol_id": "openid",
"unique_id": "613248723467843876@xxxxxxxxxxxxxx"
}
]
}
],
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
}
}
But when I try to get the user by name, it is returned twice:
REQ: GET https://identity/v3/users?name=federated-user
RESP: 200: OK
{
"users": [
{
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
},
{
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
}
],
"links": {
"next": null,
"self": "https://identity/v3/users?name=federated-user";,
"previous": null
}
}
The same problem with the openstack CLI:
$ openstack user show federated-user
More than one user exists with the name 'federated-user'.
- Why does this append? And why is the user by name returned twice?
+ Why does this append?
+ Why is the user by name returned twice?
+
+ This is braking a lot of python code base on OpenstackSDK, typically the
+ code:
+
+ api = openstack.connect()
+ user = api.identity.find_user('federated-user')
+
+ will throw an exception!
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2040299
Title:
GET /v3/users?name=NAME returns duplicate
Status in OpenStack Identity (keystone):
New
Bug description:
GET /v3/users?name=<USER_NAME> will return duplicates if the user have
federated data
I have a federated local user in the default domain:
REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec
RESP: 200: OK
{
"user": {
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"federated": [
{
"idp_id": "eduid",
"protocols": [
{
"protocol_id": "openid",
"unique_id": "613248723467843876@xxxxxxxxxxxxxx"
}
]
}
],
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
}
}
But when I try to get the user by name, it is returned twice:
REQ: GET https://identity/v3/users?name=federated-user
RESP: 200: OK
{
"users": [
{
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
},
{
"description": "Local federated user",
"email": "federated-user@xxxxxxxxxx",
"id": "91665ebad88b497cb90eaf4f856357ec",
"name": "federated-user",
"domain_id": "default",
"enabled": true,
"password_expires_at": null,
"options": {},
"links": {
"self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec";
}
}
],
"links": {
"next": null,
"self": "https://identity/v3/users?name=federated-user";,
"previous": null
}
}
The same problem with the openstack CLI:
$ openstack user show federated-user
More than one user exists with the name 'federated-user'.
Why does this append?
Why is the user by name returned twice?
This is braking a lot of python code base on OpenstackSDK, typically
the code:
api = openstack.connect()
user = api.identity.find_user('federated-user')
will throw an exception!
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2040299/+subscriptions
