Public bug reported: GET /v3/users?name=<USER_NAME> will return duplicates if the user have federated data
I have a federated local user in the default domain: REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec RESP: 200: OK { "user": { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "federated": [ { "idp_id": "eduid", "protocols": [ { "protocol_id": "openid", "unique_id": "[email protected]" } ] } ], "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } } } But when I try to get the user by name, it is returned twice: REQ: GET https://identity/v3/users?name=federated-user RESP: 200: OK { "users": [ { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } }, { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } } ], "links": { "next": null, "self": "https://identity/v3/users?name=federated-user";, "previous": null } } The same problem with the openstack CLI: $ openstack user show federated-user More than one user exists with the name 'federated-user'. Why does this append? Why is the user by name returned twice? This is braking a lot of python code base on OpenstackSDK, typically the code: api = openstack.connect() user = api.identity.find_user('federated-user') will throw an exception! ** Affects: keystone Importance: Undecided Status: New ** Description changed: I have a federated local user in the default domain: REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec RESP: 200: OK { - "user": { - "description": "Local federated user", - "email": "[email protected]", - "id": "91665ebad88b497cb90eaf4f856357ec", - "name": "federated-user", - "domain_id": "default", - "enabled": true, - "password_expires_at": null, - "options": {}, - "federated": [ - { - "idp_id": "eduid", - "protocols": [ - { - "protocol_id": "openid", - "unique_id": "[email protected]" - } - ] - } - ], - "links": { - "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; - } - } + "user": { + "description": "Local federated user", + "email": "[email protected]", + "id": "91665ebad88b497cb90eaf4f856357ec", + "name": "federated-user", + "domain_id": "default", + "enabled": true, + "password_expires_at": null, + "options": {}, + "federated": [ + { + "idp_id": "eduid", + "protocols": [ + { + "protocol_id": "openid", + "unique_id": "[email protected]" + } + ] + } + ], + "links": { + "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; + } + } } But when I try to get the user by name, it is returned twice: - REQ: GET https://identity.api.test1.cloud.switch.ch/v3/[email protected] + REQ: GET https://identity/v3/users?name=federated-user RESP: 200: OK { - "users": [ - { - "description": "Local federated user", - "email": "[email protected]", - "id": "91665ebad88b497cb90eaf4f856357ec", - "name": "federated-user", - "domain_id": "default", - "enabled": true, - "password_expires_at": null, - "options": {}, - "links": { - "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; - } - }, - { - "description": "Local federated user", - "email": "[email protected]", - "id": "91665ebad88b497cb90eaf4f856357ec", - "name": "federated-user", - "domain_id": "default", - "enabled": true, - "password_expires_at": null, - "options": {}, - "links": { - "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; - } - } - ], - "links": { - "next": null, - "self": "https://identity.api.test1.cloud.switch.ch/v3/[email protected]";, - "previous": null - } + "users": [ + { + "description": "Local federated user", + "email": "[email protected]", + "id": "91665ebad88b497cb90eaf4f856357ec", + "name": "federated-user", + "domain_id": "default", + "enabled": true, + "password_expires_at": null, + "options": {}, + "links": { + "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; + } + }, + { + "description": "Local federated user", + "email": "[email protected]", + "id": "91665ebad88b497cb90eaf4f856357ec", + "name": "federated-user", + "domain_id": "default", + "enabled": true, + "password_expires_at": null, + "options": {}, + "links": { + "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; + } + } + ], + "links": { + "next": null, + "self": "https://identity.api.test1.cloud.switch.ch/v3/users?name=federated-user";, + "previous": null + } } The same problem with the openstack CLI: - $ openstack user show [email protected] - More than one user exists with the name '[email protected]'. - + $ openstack user show federated-user + More than one user exists with the name 'federated-user'. Why does this append? And why is the user by name returned twice? ** Description changed: I have a federated local user in the default domain: REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec RESP: 200: OK { "user": { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "federated": [ { "idp_id": "eduid", "protocols": [ { "protocol_id": "openid", "unique_id": "[email protected]" } ] } ], "links": { - "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; + "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } } } But when I try to get the user by name, it is returned twice: REQ: GET https://identity/v3/users?name=federated-user RESP: 200: OK { "users": [ { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": { - "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; + "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } }, { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": { - "self": "https://identity.api.test1.cloud.switch.ch/v3/users/91665ebad88b497cb90eaf4f856357ec"; + "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } } ], "links": { "next": null, - "self": "https://identity.api.test1.cloud.switch.ch/v3/users?name=federated-user";, + "self": "https://identity/v3/users?name=federated-user";, "previous": null } } The same problem with the openstack CLI: $ openstack user show federated-user More than one user exists with the name 'federated-user'. Why does this append? And why is the user by name returned twice? ** Description changed: + GET /v3/users?name=<USER_NAME> will return duplicates if the user have + federated data + + I have a federated local user in the default domain: REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec RESP: 200: OK { "user": { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "federated": [ { "idp_id": "eduid", "protocols": [ { "protocol_id": "openid", "unique_id": "[email protected]" } ] } ], "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } } } But when I try to get the user by name, it is returned twice: REQ: GET https://identity/v3/users?name=federated-user RESP: 200: OK { "users": [ { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } }, { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } } ], "links": { "next": null, "self": "https://identity/v3/users?name=federated-user";, "previous": null } } The same problem with the openstack CLI: $ openstack user show federated-user More than one user exists with the name 'federated-user'. - Why does this append? And why is the user by name returned twice? + Why does this append? + Why is the user by name returned twice? + + This is braking a lot of python code base on OpenstackSDK, typically the + code: + + api = openstack.connect() + user = api.identity.find_user('federated-user') + + will throw an exception! -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/2040299 Title: GET /v3/users?name=NAME returns duplicate Status in OpenStack Identity (keystone): New Bug description: GET /v3/users?name=<USER_NAME> will return duplicates if the user have federated data I have a federated local user in the default domain: REQ: GET https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec RESP: 200: OK { "user": { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "federated": [ { "idp_id": "eduid", "protocols": [ { "protocol_id": "openid", "unique_id": "[email protected]" } ] } ], "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } } } But when I try to get the user by name, it is returned twice: REQ: GET https://identity/v3/users?name=federated-user RESP: 200: OK { "users": [ { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } }, { "description": "Local federated user", "email": "[email protected]", "id": "91665ebad88b497cb90eaf4f856357ec", "name": "federated-user", "domain_id": "default", "enabled": true, "password_expires_at": null, "options": {}, "links": { "self": "https://identity/v3/users/91665ebad88b497cb90eaf4f856357ec"; } } ], "links": { "next": null, "self": "https://identity/v3/users?name=federated-user";, "previous": null } } The same problem with the openstack CLI: $ openstack user show federated-user More than one user exists with the name 'federated-user'. Why does this append? Why is the user by name returned twice? This is braking a lot of python code base on OpenstackSDK, typically the code: api = openstack.connect() user = api.identity.find_user('federated-user') will throw an exception! To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2040299/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
