Bug 1345838
Summary: | Create user with wrong written default domain-id breaks v2 user list action | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Martin Schuppert <mschuppe> |
Component: | openstack-keystone | Assignee: | John Dennis <jdennis> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | nlevinki <nlevinki> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.0 (Liberty) | CC: | jdennis, nkinder, srevivo |
Target Milestone: | --- | Keywords: | Triaged, ZStream |
Target Release: | 9.0 (Mitaka) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-10-10 17:36:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Martin Schuppert
2016-06-13 09:51:05 UTC
Bellow patch could validate the domain during create_user call and correct ID is stored in DB: # diff -u /usr/lib/python2.7/site-packages/keystone/identity/core.py /usr/lib/python2.7/site-packages/keystone/identity/core.py.new --- /usr/lib/python2.7/site-packages/keystone/identity/core.py 2016-06-13 04:28:21.231444614 -0400 +++ /usr/lib/python2.7/site-packages/keystone/identity/core.py.new 2016-06-13 04:28:15.067355905 -0400 @@ -823,12 +823,13 @@ user['name'] = clean.user_name(user['name']) user.setdefault('enabled', True) user['enabled'] = clean.user_enabled(user['enabled']) - domain_id = user['domain_id'] - self.resource_api.get_domain(domain_id) - # For creating a user, the domain is in the object itself - domain_id = user_ref['domain_id'] - driver = self._select_identity_driver(domain_id) + # cleanup difference between domain_id provided and what is in DB + # to not break v2 when default is written in upper/lower case + user['domain_id'] = self.resource_api.get_domain( + user_ref['domain_id'])['id'] + + driver = self._select_identity_driver(user['domain_id']) user = self._clear_domain_id_if_domain_unaware(driver, user) # Generate a local ID - in the future this might become a function of # the underlying driver so that it could conform to rules set down by @@ -837,7 +838,7 @@ ref = driver.create_user(user['id'], user) notifications.Audit.created(self._USER, user['id'], initiator) return self._set_domain_id_and_mapping( - ref, domain_id, driver, mapping.EntityType.USER) + ref, user['domain_id'], driver, mapping.EntityType.USER) @domains_configured @exception_translated('user') SIDE node missed in description, user create action using keystone client validates domain. This is only seen when using direct api calls. got a fix merged upstream in master at https://review.openstack.org/#/c/331567/ Confirmed that this has been fixed in master (OSP 10): {"error": {"message": "Could not find domain: DEfauLT", "code": 404, "title": "Not Found"}}[stack@undercloud ~]$ Submitting patch for Upstream releases that correspond to OSP 8 and 9 This was fixed in openstack-keystone-9.3.0-1.el7ost.src.rpm, which was released as a part of the following errata: https://access.redhat.com/errata/RHSA-2017:1461 |