Reviewed:  https://review.openstack.org/438896
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=59d7b1fcd710a0eff289f467bbb82a07037a51b0
Submitter: Jenkins
Branch:    master

commit 59d7b1fcd710a0eff289f467bbb82a07037a51b0
Author: Colleen Murphy
Date:   Tue Feb 28 11:03:40 2017 +0100

    Fix duplicate handling for user-specified IDs

    For resources such as federation protocols and federation mappings, the
    database primary keys are ID strings specified by the user creating
    them. If the user created such a resource that happened to have the
    substrings 'id' or 'name' in the identifier, and then by accident tried
    to create it again, it would fail with a message that did not appear to
    relate to the entry being a duplicate:

      string indices must be integers (HTTP 400)

    This was because the method that is supposed to form a user-friendly
    message receives all the arguments as a tuple and iterates over it,
    looking for a dictionary with the keys 'id' or 'name' to figure out
    what was trying to be duplicated. However, it can't distinguish between
    a dictionary with 'id' or 'name' as a key and a string with 'id' or
    'name' as a substring, and trips if it finds such a string.

    This logic for looking for 'id', 'name', or 'domain_id' in an object
    really only makes sense if the object is a dict, so this patch adds a
    check to ensure it is a dict before looking for keys in it.

    Change-Id: If3c23a28eb5594efaa49c6a15d8db11cfc8d9057
    Closes-bug: #1668563

** Changed in: keystone
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1668563

Title:
  Unclear error when attempting to create duplicate resources with certain names

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  When a user accidentally tries to create certain resources they have
  already created, if the name of the resource has 'name' or 'id' in the
  name, the action fails with a very unclear error message.

  For example, when creating a federation mapping:

  $ openstack mapping create mapping_with_id_in_the_string --rules rules.json
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_id_in_the_string                                                                                                                                       |
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_id_in_the_string --rules rules.json
  string indices must be integers (HTTP 400) (Request-ID: req-d37fa5f1-f354-45a8-9408-7b2b254b8c41)

  $ openstack mapping create mapping_with_name_in_the_string --rules rules.json
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_name_in_the_string                                                                                                                                     |
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_name_in_the_string --rules rules.json
  string indices must be integers (HTTP 400) (Request-ID: req-5efee6af-e924-428e-a929-cee5c8efb48c)

  But the error is clearer if the string does not have a special
  substring in it:

  $ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | Field | Value                                                                                                                                                               |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | id    | mapping_with_nothing_special_in_the_string                                                                                                                          |
  | rules | [{u'remote': [{u'type': u'HTTP_OIDC_EMAIL'}], u'local': [{u'group': {u'domain': {u'name': u'Default'}, u'name': u'federated_users'}, u'user': {u'name': u'{0}'}}]}] |
  +-------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  $ openstack mapping create mapping_with_nothing_special_in_the_string --rules rules.json
  Conflict occurred attempting to store mapping - Duplicate entry. (HTTP 409) (Request-ID: req-8fa12715-7cce-40b7-95f4-92431bb13132)

  Similarly for creating a federation protocol with 'id' or 'name' in
  the name of the protocol:

  $ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
  +-------------------+--------------------------------------------+
  | Field             | Value                                      |
  +-------------------+--------------------------------------------+
  | id                | protocol_with_id_in_the_string             |
  | identity_provider | google                                     |
  | mapping           | mapping_with_nothing_special_in_the_string |
  +-------------------+--------------------------------------------+
  $ openstack federation protocol create protocol_with_id_in_the_string --mapping mapping_with_nothing_special_in_the_string --identity-provider google
  string indices must be integers (HTTP 400) (Request-ID: req-d0659c94-9662-4c57-a230-9e4fbcd33fb0)

  Or if the identity provider has 'id' or 'name' in its name:

  $ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
  +-------------------+--------------------------------------------+
  | Field             | Value                                      |
  +-------------------+--------------------------------------------+
  | id                | normal_protocol                            |
  | identity_provider | sso_service_with_id_in_the_string          |
  | mapping           | mapping_with_nothing_special_in_the_string |
  +-------------------+--------------------------------------------+
  $ openstack federation protocol create normal_protocol --mapping mapping_with_nothing_special_in_the_string --identity-provider sso_service_with_id_in_the_string
  string indices must be integers (HTTP 400) (Request-ID: req-ddafd212-91e3-4ea5-9af0-a3cde6f7398b)
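
The failure mode from the commit message above, shown as an added Python example that is not keystone's code: a membership test on each positional argument matches a user-supplied ID string by substring and then indexes it with a string key, while the checked variant only inspects dicts. All function names, the detail wording for found fields, and the sample arguments are constructed for illustration.

```python
# Added illustration, not keystone's code; every name below is hypothetical.
KEYS = ("id", "name", "domain_id")

def _message(resource_type, fields):
    # Wording of the detail part is constructed for this example.
    detail = ", ".join(f"{k}={v}" for k, v in sorted(fields.items()))
    suffix = f"Duplicate entry ({detail})." if detail else "Duplicate entry."
    return f"Conflict occurred attempting to store {resource_type} - {suffix}"

def describe_conflict_unchecked(resource_type, args):
    """Pre-fix logic as described in the commit message."""
    fields = {}
    for arg in args:
        for key in KEYS:
            if key in arg:              # substring match when arg is a str
                fields[key] = arg[key]  # str indexed by str -> TypeError
    return _message(resource_type, fields)

def describe_conflict_checked(resource_type, args):
    """Same logic with the dict check the commit message describes."""
    fields = {}
    for arg in args:
        if not isinstance(arg, dict):   # skip user-supplied ID strings
            continue
        for key in KEYS:
            if key in arg:
                fields[key] = arg[key]
    return _message(resource_type, fields)

def outcome(builder, resource_type, args):
    """Return the message, or the exception type name if building it fails."""
    try:
        return builder(resource_type, args)
    except TypeError as exc:
        return type(exc).__name__

# Constructed arguments: a user-chosen ID string followed by the entity dict.
SAMPLES = [
    ("mapping", ("mapping_with_id_in_the_string", {"rules": []})),
    ("mapping", ("mapping_with_nothing_special_in_the_string", {"rules": []})),
    ("protocol", ("sso_service_with_id_in_the_string", {"id": "normal_protocol"})),
]

if __name__ == "__main__":
    for rtype, args in SAMPLES:
        print(outcome(describe_conflict_unchecked, rtype, args), "|",
              outcome(describe_conflict_checked, rtype, args))
```

Only identifiers containing one of the looked-up key names take the failing path, which is why the reporter's "nothing special" mapping produced the expected conflict message.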

