7597ecc135
Problem description =================== Today we have a consistency problem when updating federated users via OpenStack. When I update a ephemeral user via OpenStack, a registry in the local_user table is created, making this user having entries in user, local_user and federated_user tables in the database. Furthermore, if I try to do some operations using this user (that has entries in all three tables), I get a "More than one user exists with the name ..." error from the OpenStack Keystone API. It happens because the user has an entry in both local_user and federated_user tables. I fix the persistence in the local_user table for ephemeral users when doing updates. Proposal ======== I fix the problem with creating an entry in the local_user table while updating an ephemeral user Closes-Bug: #1848342 Change-Id: I2ac6e90f24b94dc5c0d9c0758f008a388597036c
24 lines
1.0 KiB
YAML
24 lines
1.0 KiB
YAML
---
|
|
fixes:
|
|
- |
|
|
[`bug 1848342 <https://bugs.launchpad.net/keystone/+bug/1848342>`_]
|
|
There was an inconsistency in the ephemeral user update flow. Every time a
|
|
federated user logged in, keystone created an entry in the local_user
|
|
table instead of just updating the entries in the user and federated_user
|
|
tables, which caused duplicate entries when listing users. Now, the
|
|
keystone will not create the entry in the local_user table while updating
|
|
an ephemeral user.
|
|
|
|
If you are affected by this bug, a fix in the keystone database will be
|
|
needed so we recommend to dump the users' tables before doing this process:
|
|
|
|
mysql db example:
|
|
- mysqldump -h <mysql host> -p -P <mysql port> -u keystone keystone federated_user local_user user > user_tables.sql
|
|
- mysql -h <mysql host> -D keystone -p -P <mysql port> -u keystone -e 'delete from local_user where user_id in (select user_id from federated_user);'
|
|
|
|
SQL:
|
|
- delete from local_user where user_id in (select user_id from federated_user);
|
|
|
|
|
|
|