GET /role_assignments?include_names API is blocked with 404 error when a user doesn't exist in identity backend
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Identity (keystone) | Fix Released | Medium | Kristi Nikolla | |
| Ocata | Fix Released | Medium | Divya K Konoor | |

Bug Description
In an environment with an LDAP server as the identity backend, when users are assigned roles, it inserts records in the keystone.assignment table. After a while, if an admin removes one of the users, say "user1", from the identity backend, the role assignment still persists in the keystone.assignment table for "user1".
So when someone invokes [0], it fetches all role assignments at [1], then tries to get usernames at [2] by iterating through each user_id in the resultant role assignments at [3]. Since "user1" doesn't exist, it throws "Could not find user: user1." with a 404 error, which we need to handle.
[0] GET /v3/role_
[1] https:/
[2] https:/
[3] https:/
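
The failure mode described in this report, as an added example that is not keystone's code or the fix under review: a strict name lookup that aborts the listing on the first missing user, beside a tolerant variant that leaves the name empty and collects the orphaned user IDs. The function names, exception class and sample data are hypothetical and constructed for illustration.

```python
# Added illustration; every name here is a hypothetical stand-in, not keystone code.

class UserNotFound(Exception):
    """Stand-in for the backend's 'Could not find user' (HTTP 404) error."""


# Constructed sample data: user1 was removed from the identity backend (e.g. LDAP),
# but its row is still present in the assignment table.
IDENTITY_BACKEND = {"user2": "alice", "user3": "bob"}
ASSIGNMENTS = [
    {"user_id": "user1", "role_id": "admin", "project_id": "p1"},
    {"user_id": "user2", "role_id": "member", "project_id": "p1"},
    {"user_id": "user3", "role_id": "reader", "project_id": "p2"},
]


def get_user_name(user_id):
    """Look the user up in the identity backend; raise if it no longer exists."""
    try:
        return IDENTITY_BACKEND[user_id]
    except KeyError:
        raise UserNotFound("Could not find user: %s." % user_id) from None


def list_with_names_strict(assignments):
    """Behaviour described in the report: one missing user aborts the whole listing."""
    return [dict(a, user_name=get_user_name(a["user_id"])) for a in assignments]


def list_with_names_tolerant(assignments):
    """Keep listing; leave the name empty and collect the orphaned user IDs."""
    annotated, orphaned = [], []
    for a in assignments:
        try:
            name = get_user_name(a["user_id"])
        except UserNotFound:
            name = ""
            orphaned.append(a["user_id"])
        annotated.append(dict(a, user_name=name))
    return annotated, orphaned


if __name__ == "__main__":
    try:
        list_with_names_strict(ASSIGNMENTS)
    except UserNotFound as exc:
        print("strict listing failed:", exc)
    rows, stale = list_with_names_tolerant(ASSIGNMENTS)
    print(rows)
    print("stale assignments for:", stale)
```

The orphaned list is the part worth acting on: those role assignments still exist for identities the backend no longer knows about.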
tags: added: ldap
Changed in keystone: importance: Undecided → Medium
tags: added: ocata-backport-potential
Changed in keystone: milestone: none → pike-1
Fix proposed to branch: master
Review: https://review.openstack.org/458954