OpenStack Identity (keystone)

  1. Bug #1642687
  2. Comment #8

Comment 8 for bug 1642687

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/409874
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=2bd88d30e1d2873470af7f40db45a99e07e12ce6
Submitter: Jenkins
Branch: master

commit 2bd88d30e1d2873470af7f40db45a99e07e12ce6
Author: Ronald De Rose <email address hidden>
Date: Mon Dec 12 17:49:13 2016 +0000

    Add domain_id to the user table

    All users (including federated) should belong to a domain. Currently,
    the domain_id is being populated in the local_user and nonlocal_user
    (ldap) tables. However, it isn't being set for federated users. This
    patch moves the domain_id up to the user table, and creates composite
    foreign key (fk) relationships to the local_user and nonlocal_user
    tables, as the domain_id is still needed in those tables to enforce
    user name uniqueness:

    +-----------+
    | user |
    | (pk) id |
    | domain_id |
    +-----------+
    1:1
    +----------------+
    | local_user | (and nonlocal_user)
    | (pk) id |
    | (fk) user_id |
    | (fk) domain_id |
    +----------------+

    Likewise, creating a unique constraint on user (id, domain_id) to
    support the new composite fk.

    This will allow us to set the domain_id in the user table and ensure
    that it is in sync with the local_user and nonlocal_user tables, such
    that a user belongs to a domain.

    Partial-Bug: #1642687
    Partially-Implements: bp support-federated-attr
    Change-Id: I08a8f3cb59150c8e9a2f90c5ea6b0aa197a03572