Update role using LDAP backend with same name fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Brant Knudson | ||
Juno |
Fix Released
|
Medium
|
Brant Knudson |
Bug Description
When the keystone server is configured to use the LDAP backend for assignments and a role is updated to have the same name the operation fails saying that you can't create a role because another role with the same name already exists.
The keystone server should just accept the request and ignore the change rather than failing.
To recreate:
0. Start with a devstack install using LDAP for assignment backend
1. Get a token
$ curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
}
}
},
"scope": {
"project": {
"name": "demo",
"domain": { "id": "default" }
}
}
}
}' \
http://
$ TOKEN=...
2. List roles
$ curl \
-H "X-Auth-Token: $TOKEN" \
http://
$ ROLE_ID=
3. Update a role with the same name.
$ curl -X PATCH \
-H "X-Auth-Token: $TOKEN" \
-H "Content-Type: application/json" \
-d '{"role": {"name": "anotherrole"}}' \
http://
{"error": {"message": "Cannot duplicate name {'id': u'36a9eede308d4
The operation should have worked.
Changed in keystone: | |
assignee: | nobody → Brant Knudson (blk-u) |
Changed in keystone: | |
importance: | Undecided → Low |
Changed in keystone: | |
importance: | Low → Medium |
Changed in keystone: | |
milestone: | none → kilo-1 |
status: | Fix Committed → Fix Released |
tags: | removed: in-stable-juno |
Changed in keystone: | |
milestone: | kilo-1 → 2015.1.0 |
Fix proposed to branch: master /review. openstack. org/141234
Review: https:/