Attempt to assign a role to a non existent user should fail
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Opinion
|
Undecided
|
Unassigned |
Bug Description
I use tempest tests get the following error:
=======
StringException: Traceback (most recent call last):
File "/usr/lib/
tenant ['id'], 'junk-user-id-999', role ['id'])
File "/usr/lib/
self.
File "/usr/lib/
raise mismatch_error
MismatchError: <bound method IdentityClientJ
=======
by testing found that "assign a role to a user that does not exist is a success."
See attachment Screenshot by postman
Changed in keystone: | |
status: | Incomplete → New |
Junk-user-id-999 user does not exist,but the keystone but return success
keystone user-list ------- ------- ------- ------- +------ ---+--- ------+ ------- ------- ------- -+ ------- ------- ------- ------- +------ ---+--- ------+ ------- ------- ------- -+ 0b2d02dbcd390a4 b8 | admin | True | <email address hidden> | da22bd1152a60d2 f9 | cinder | True | <email address hidden> | 2bde9ecacb12067 b1 | demo | True | <email address hidden> | 8aa8b33684a105d 07 | glance | True | <email address hidden> | bbec7712e43e5c3 c3 | neutron | True | <email address hidden> | 09ff1c44adda076 68 | nova | True | <email address hidden> | ------- ------- ------- ------- +------ ---+--- ------+ ------- ------- ------- -+
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
+------
| id | name | enabled | email |
+------
| 65029a34d27b407
| 398a961477e24ec
| 414a225f713f4a7
| e7f707c354e8444
| 40843344f69349c
| f2c0b7f6749241a
+------
keystone log: tenants/ e6ad3d4773c14d6 1b6b6514f3c18c0 85/users/ junk-user- id-999/ roles/OS- KSADM/69967fb5e e9 987c89 HTTP/1.1" 200 230 0.042752
"PUT /v2.0//
447dd83de032c7b
mysql/keystone: ------- +------ ------- -----+- ------- ------- ------- ------- -----+- ------- ------- ------- ------- -----+- ------- ---+ ------- +------ ------- -----+- ------- ------- ------- ------- -----+- ------- ------- ------- ------- -----+- ------- ---+ ea10ccee838a885 d3 | 3e3078fa670c412 f928dfbb15f4938 b8 | 0 | ------- +------ ------- -----+- ------- ------- ------- ------- -----+- ------- ------- ------- ------- -----+- ------- ---+
mysql> select * from assignment where actor_id = 'junk-user-id-999';
+------
| type | actor_id | target_id | role_id | inherited |
+------
| UserProject | junk-user-id-999 | a7d2f048f3b244d
+------
1 row in set (0.00 sec)