[Yahoo-eng-team] [Bug 1615000] [NEW] Entry to User table creates entries in local_user table for ldap and custom driver users

Divya K Konoor Fri, 19 Aug 2016 08:12:42 -0700

Public bug reported:

This was observed while trying with ldap and custom driver users (not
sure of the behavior for federated and sql users).


It's found that after ldap / custom driver user is configured with OpenStack 
and a user authentication request is placed (token issue for eg.), there are 
entries made into 3 tables:
- User
- local_user
- nonlocal_user

As seen below, the ldap user name is avni_u1

MariaDB [keystone]> select * from id_mapping where 
public_id="b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510";
+------------------------------------------------------------------+-----------+----------+-------------+
| public_id                                                        | domain_id 
| local_id | entity_type |
+------------------------------------------------------------------+-----------+----------+-------------+
| b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default   
| avni_u1  | user        |
+------------------------------------------------------------------+-----------+----------+-------------+
1 row in set (0.00 sec)

MariaDB [keystone]> select * from user;
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
| id                                                               | extra      
                                     | enabled | default_project_id | 
created_at          | last_active_at |
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
| b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | 
{"description": "user with admin role"}         |    NULL | NULL               
| 2016-08-19 13:32:44 | NULL           |
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
1 rows in set (0.00 sec)

MariaDB [keystone]> select * from local_user;
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
| id | user_id                                                          | 
domain_id                        | name       | failed_auth_count | 
failed_auth_at |
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
| |  1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | 
default                          | avni_u1    |              NULL | NULL        
   |
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
1 rows in set (0.00 sec)

MariaDB [keystone]> select * from nonlocal_user;
+----------------------------------+------------+------------------------------------------------------------------+
| domain_id                        | name       | user_id                       
                                   |
+----------------------------------+------------+------------------------------------------------------------------+
| | default                          | avni_u1    | 
b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
| 
+----------------------------------+------------+------------------------------------------------------------------+

This behavior is probably not new and is caused due to
https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L147

** Affects: keystone
     Importance: Undecided
     Assignee: Ron De Rose (ronald-de-rose)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1615000

Title:
  Entry to User table creates entries in local_user table for ldap and
  custom driver users

Status in OpenStack Identity (keystone):
  New

Bug description:
  This was observed while trying with ldap and custom driver users (not
  sure of the behavior for federated and sql users).

  It's found that after ldap / custom driver user is configured with OpenStack 
and a user authentication request is placed (token issue for eg.), there are 
entries made into 3 tables:
  - User
  - local_user
  - nonlocal_user

  As seen below, the ldap user name is avni_u1

  MariaDB [keystone]> select * from id_mapping where 
public_id="b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510";
  
+------------------------------------------------------------------+-----------+----------+-------------+
  | public_id                                                        | 
domain_id | local_id | entity_type |
  
+------------------------------------------------------------------+-----------+----------+-------------+
  | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | default  
 | avni_u1  | user        |
  
+------------------------------------------------------------------+-----------+----------+-------------+
  1 row in set (0.00 sec)

  MariaDB [keystone]> select * from user;
  
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
  | id                                                               | extra    
                                       | enabled | default_project_id | 
created_at          | last_active_at |
  
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
  | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | 
{"description": "user with admin role"}         |    NULL | NULL               
| 2016-08-19 13:32:44 | NULL           |
  
+------------------------------------------------------------------+-------------------------------------------------+---------+--------------------+---------------------+----------------+
  1 rows in set (0.00 sec)

  MariaDB [keystone]> select * from local_user;
  
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
  | id | user_id                                                          | 
domain_id                        | name       | failed_auth_count | 
failed_auth_at |
  
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
  | |  1 | b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 | 
default                          | avni_u1    |              NULL | NULL        
   |
  
+----+------------------------------------------------------------------+----------------------------------+------------+-------------------+----------------+
  1 rows in set (0.00 sec)

  MariaDB [keystone]> select * from nonlocal_user;
  
+----------------------------------+------------+------------------------------------------------------------------+
  | domain_id                        | name       | user_id                     
                                     |
  
+----------------------------------+------------+------------------------------------------------------------------+
  | | default                          | avni_u1    | 
b3a54f2bbea168204a907aad3fc15a66d60cec9ad5d3301a4586b01b5e461510 |
  | 
+----------------------------------+------------+------------------------------------------------------------------+

  This behavior is probably not new and is caused due to
  
https://github.com/openstack/keystone/blob/master/keystone/identity/backends/sql_model.py#L147

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1615000/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1615000] [NEW] Entry to User table creates entries in local_user table for ldap and custom driver users

Reply via email to