← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #93366

[Bug 2044624] Re: set_last_active_at on deleted user results in AttributeError

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.opendev.org/c/openstack/keystone/+/901885
Committed: https://opendev.org/openstack/keystone/commit/26c8812b4c41843f749924cee787ea3b3f8ad022
Submitter: "Zuul (22348)"
Branch:    master

commit 26c8812b4c41843f749924cee787ea3b3f8ad022
Author: Boris Bobrov <b.bobrov@xxxxxxx>
Date:   Sun Nov 26 00:44:55 2023 +0100

    Check user existence before setting last_active_at
    
    A situation might arise, when the user does not exist any more and we
    are attempting to set last_active_at on them. This results in keystone
    raising AttributeError.
    
    Check for user existense before addressing the attribute
    
    Closes-Bug: 2044624
    Change-Id: I3eb5890fb6d52a222b7caa4a52effc06774c0542


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2044624

Title:
  set_last_active_at on deleted user results in AttributeError

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Steps to reproduce:

  0. keystone stable/zed

  1. You need a system with 2 scripts and a keystone user in sql, running in parallel:
  Script 1 performs many authentications with username+password
  Script 2 deletes the user

  2. With enough luck, you get the following backtrace:

  2023-11-25 19:56:10.675007 AttributeError: 'NoneType' object has no attribute 'last_active_at'
  2023-11-25 19:56:10.674995 user_ref.last_active_at = datetime.datetime.utcnow().date()
  2023-11-25 19:56:10.674993 File "/var/lib/openstack/lib/python3.10/site-packages/keystone/identity/shadow_backends/sql.py", line 161, in set_last_active_at

  I think the reason is that in some cases authentication is slower than
  deletion. Which results in a race condition: deletion process has
  finished, but authentication is still mid-execution.

  Expected: keystone either finishes the authentication successfully returning the token or raises a 4xx error
  Observed: keystone crashes, resulting in error 500

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2044624/+subscriptions

References

  Thread PreviousDate PreviousThread Next