Protocol can't be deleted after federated_user is created
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | Medium | Rodrigo Duarte | |
Bug Description
When authenticating a user via federation, a federated_user entry is created in keystone's database. An example of such an entry is below:
mysql> select * from federated_user;
+----+-
| id | user_id | idp_id | protocol_id | unique_id | display_name |
+----+-
| 1 | 15ddf8fda20842c
+----+-
The federated_
Details: An unexpected error prevented the server from fulfilling your request: (pymysql.
This can also happen with the "idp_id" column.
This prevents automated tests like [1] from working properly, since they create and destroy the identity provider, mapping and protocol during execution.
Changed in keystone: | |
assignee: | nobody → Ron De Rose (ronald-de-rose) |
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → Medium |
tags: | added: federation |
tags: | added: test-improvement |
Changed in keystone: | |
assignee: | Ron De Rose (ronald-de-rose) → Rodrigo Duarte (rodrigodsousa) |
status: | Triaged → In Progress |
Changed in keystone: | |
milestone: | none → ocata-3 |
I would expect that the shadow user table would refer to the protocol via that key. In order to delete the protocol, we would need to delete all the entries that came in via that protocol. This should be possible with a cascading delete. But we might need to make this deliberate inside the Keystone Federation code.
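
The constraint behaviour discussed in the comment above, as an added example (not Keystone's code): a simplified two-table SQLite schema shows the protocol delete being rejected while a federated_user row references it, then succeeding either with `ON DELETE CASCADE` or with a deliberate purge of the shadow users in the same transaction. The composite key layout, the sample values, and the helper names `build_db` and `delete_protocol` are assumptions made for illustration.

```python
import sqlite3

# Simplified, constructed schema (assumption): only what the constraint needs.
SCHEMA = """
CREATE TABLE federation_protocol (
    id TEXT NOT NULL, idp_id TEXT NOT NULL, PRIMARY KEY (id, idp_id)
);
CREATE TABLE federated_user (
    id INTEGER PRIMARY KEY, user_id TEXT, idp_id TEXT NOT NULL,
    protocol_id TEXT NOT NULL, unique_id TEXT, display_name TEXT,
    FOREIGN KEY (protocol_id, idp_id)
        REFERENCES federation_protocol (id, idp_id) {on_delete}
);
"""


def build_db(on_delete=""):
    """Create an in-memory database with one protocol and one shadow user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when enabled
    conn.executescript(SCHEMA.format(on_delete=on_delete))
    conn.execute("INSERT INTO federation_protocol VALUES ('saml2', 'example-idp')")
    conn.execute(
        "INSERT INTO federated_user VALUES "
        "(1, 'constructed-user-id', 'example-idp', 'saml2', "
        "'alice@example.org', 'alice')"  # constructed sample row
    )
    conn.commit()
    return conn


def delete_protocol(conn, protocol_id, idp_id, purge_users_first=False):
    """Delete a protocol; return (deleted, remaining federated_user rows)."""
    try:
        with conn:  # one transaction, rolled back if the constraint fires
            if purge_users_first:  # the "deliberate" application-level variant
                conn.execute(
                    "DELETE FROM federated_user WHERE protocol_id = ? AND idp_id = ?",
                    (protocol_id, idp_id),
                )
            conn.execute(
                "DELETE FROM federation_protocol WHERE id = ? AND idp_id = ?",
                (protocol_id, idp_id),
            )
        deleted = True
    except sqlite3.IntegrityError:  # foreign key still referenced
        deleted = False
    remaining = conn.execute("SELECT COUNT(*) FROM federated_user").fetchone()[0]
    return deleted, remaining
```

Either successful path removes the shadow user's federated identity along with the protocol, so whichever is chosen should be an intentional decision about what happens to users who arrived through that protocol.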