OpenStack Identity (keystone)

drop support for EPHEMERAL user type in mapping

Bug #1601910 reported by Steve Martinelli
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Expired
Medium
Unassigned

Bug Description

With the shadow users implementation, federated users are no longer emphemeral. Support for specifying this option in a mapping should be removed. The option should be ignored and should result in a log that indicates a timeframe for removal (2 cycles)

See this blueprint for details: https://blueprints.launchpad.net/keystone/+spec/shadow-users-newton

See original description
Tags: federation
Revision history for this message
Steve Martinelli (stevemar) wrote :

patch: https://review.openstack.org/#/c/296639/

description: updated
Revision history for this message
Steve Martinelli (stevemar) wrote :

Bumping this to Ocata, it's low priority for newton and can be fixed when the federation mapping engine is fixed up next release.

Changed in keystone:
milestone: newton-3 → next
Steve Martinelli (stevemar)
Changed in keystone:
milestone: next → ocata-1
Steve Martinelli (stevemar)
Changed in keystone:
milestone: ocata-1 → ocata-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Ron De Rose (<email address hidden>) on branch: master
Review: https://review.openstack.org/296639
Reason: Will create a new patch for this.

Steve Martinelli (stevemar)
Changed in keystone:
milestone: ocata-2 → none
Lance Bragstad (lbragstad)
Changed in keystone:
status: In Progress → Triaged
Revision history for this message
Lance Bragstad (lbragstad) wrote :

Automatically unassigning due to inactivity.

Changed in keystone:
assignee: Ron De Rose (ronald-de-rose) → nobody
sonu (sonu-bhumca11)
Changed in keystone:
assignee: nobody → sonu (sonu-bhumca11)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/570706

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
Vishakha Agarwal (vishakha.agarwal) wrote :

Hi,

Is anyone working over it?? AS I am willing to work over it.

Thanks.

Revision history for this message
sonu (sonu-bhumca11) wrote :

Hi Vishakha,

Yeah I am working on it. I pushed a patch before.
ref : https://review.openstack.org/#/c/570706/

I will update it soon,

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/633553

Changed in keystone:
assignee: sonu (sonu-bhumca11) → Vishakha Agarwal (vishakha.agarwal)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/633757

Revision history for this message
Colleen Murphy (krinkle) wrote :

I don't think we can reasonably remove support for this without breaking the V3 API.

Revision history for this message
Lance Bragstad (lbragstad) wrote :

I had a discussion with @dstanek a couple years ago when we were enhancing the mapping engine to handle the auto-provisioning case. At that time, he had ideas about implementing a versioning mechanism specifically for mappings.

I don't really remember the details and I don't think they were written down, but that might be something to consider if we don't want to wait for v4.

Revision history for this message
Colleen Murphy (krinkle) wrote :

If we added versioning for the mapping API we would still need to support the old style mapping and so we still couldn't drop cruft from the backend.

In my opinion, continuing to support both explicitly local users as well as non-local "ephemeral"-but-not-really-anymore users has benefits, regardless of versioning problems.

Revision history for this message
Lance Bragstad (lbragstad) wrote :

I don't have a strong preference to remove ephemeral types. I think the reasoning in comment #12 is sufficient to close this out as Invalid or Won't Fix.

I'll let others weigh-in on the discussion if they feel differently before closing this out.

Revision history for this message
Lance Bragstad (lbragstad) wrote :

We discussed this at the team meeting today [0].

For now, I think it's safe to mark this as incomplete until we have a deep dive on the shadow user work and it intersects with this work.

[0] http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-02-05-16.01.log.html#l-77

Changed in keystone:
status: In Progress → Incomplete
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Vishakha Agarwal (<email address hidden>) on branch: master
Review: https://review.openstack.org/633757

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Vishakha Agarwal (<email address hidden>) on branch: master
Review: https://review.openstack.org/633553

Vishakha Agarwal (vishakha.agarwal)
Changed in keystone:
assignee: Vishakha Agarwal (vishakha.agarwal) → nobody
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack Identity (keystone) because there has been no activity for 60 days.]

Changed in keystone:
status: Incomplete → Expired
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by "Gage Hugo <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/keystone/+/570706
Reason: Abandoning since there hasn't been any recent activity, if anyone wants to continue this work, please feel free to restore this or create a new change.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.