@dolph: I think something more is going on here. With v2.0 I get a 409 every time if the user is already a member of the project, even if they have never had a default project before.
User.update_user_project() seems very naive: https://github.com/openstack/keystone/blob/71c6a4b88279ddf9047595fb4c1ffbce4062621d/keystone/identity/controllers.py#L247 Shouldn't this be checking whether the user is already on the project? ** Changed in: keystone Status: Invalid => Confirmed -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1161963 Title: Editing User fails when the user already has a Primary Project Status in OpenStack Dashboard (Horizon): Confirmed Status in OpenStack Identity (Keystone): Confirmed Bug description: As an admin, if I want to edit the details for a user who already has a Primary Project associated, the form submission fails with "Error: There was an error submitting the form. Please try again. " DEBUG:requests.packages.urllib3.connectionpool:"PUT /v2.0/users/9c058a211a0b4ceb938d0cd764f22f6b/OS-KSADM/tenant HTTP/1.1" 409 240 DEBUG:keystoneclient.client:Request returned failure status: 409 ERROR:django.request:Internal Server Error: /admin/users/9c058a211a0b4ceb938d0cd764f22f6b/update/ Traceback (most recent call last): File "/opt/stack/horizon/openstack_dashboard/wsgi/../../openstack_dashboard/api/keystone.py", line 221, in user_update_tenant tenant_id) File "/opt/stack/python-keystoneclient/keystoneclient/v2_0/users.py", line 96, in update_tenant params, "user") File "/opt/stack/python-keystoneclient/keystoneclient/base.py", line 104, in _update management=management) File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 417, in put return self._cs_request(url, 'PUT', **kwargs) File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 404, in _cs_request **kwargs) File "/opt/stack/python-keystoneclient/keystoneclient/client.py", line 366, in request raise exceptions.from_response(resp, resp.text) ClientException: Unable to communicate with identity service: {"error": {"message": "Conflict occurred attempting to store role grant. User 9c058a211a0b4ceb938d0cd764f22f6b already has role 9fe2ff9ee4384b1894a90878d3e92bab in tenant 4783617525c349b28413bc32cf2d5cc4", "code": 409, "title": "Conflict"}}. (HTTP 409) Steps to reproduce: 1. As an admin, go to Admin -> Users and Edit the demo user 2. Change the demo's email. It's not possible to submit the form without a primary project so select "demo" 3. Try to edit the demo user again to revert your change. "demo" will be preselected as a Primary project. Submit the form. 4. A message "Error: There was an error submitting the form. Please try again. " is displayed. The email change actually took place. This appears to be a regression, as I can't reproduce the problem in a Folsom devstack. The code around this hasn't changed in Horizon though, as far as I can tell. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1161963/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
