Handle auto created domain when creating duplicate idp in federation

Bug #1688188 reported by yangweiwei on 2017-05-04
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
yangweiwei

Bug Description

If we create an idp with ID 'keystone-ipd', then we create idp with the same ID.
We get the result like 'conflict happens', it is ok.
But when I see the domain list. the auto generated domain still here.

I think, the second idp was created failed, then the resource auto generated it used should be cleared.
If we create an idp specifing the domain, the idp was created failed and the specifing domain was not auto generated, so the resource should not be cleared.

Fix proposed to branch: master
Review: https://review.openstack.org/462408

Changed in keystone:
assignee: nobody → yangweiwei (496176919-6)
status: New → In Progress
summary: - Handel auto created domain when creating duplicate idp in federation
+ Handle auto created domain when creating duplicate idp in federation
Changed in keystone:
importance: Undecided → Medium
Lance Bragstad (lbragstad) wrote :

I was able to recreate this locally with a test - https://review.openstack.org/#/c/463079/1

Reviewed: https://review.openstack.org/463079
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c668400d525eb51d3f90991e6ea68225815efe9a
Submitter: Jenkins
Branch: master

commit c668400d525eb51d3f90991e6ea68225815efe9a
Author: Lance Bragstad <email address hidden>
Date: Sat May 6 03:25:59 2017 +0000

    Expose a bug in domain creation from idps

    When creating an identity provider, a domain will be created with it
    if it isn't already provided. If a database conflict occurs when an
    identity provider is created, the domain associated with it isn't
    cleaned up. This essentially orphans a domain that shouldn't have
    been created because the identity provider was never successfully
    created.

    Change-Id: Ie59d21abda422d4e9668725de4604ab99701dc59
    Related-Bug: 1688188

tags: added: ocata-backport-potential
Changed in keystone:
milestone: none → pike-3
Changed in keystone:
milestone: pike-3 → pike-rc1
Changed in keystone:
assignee: yangweiwei (496176919-6) → Lance Bragstad (lbragstad)
Changed in keystone:
assignee: Lance Bragstad (lbragstad) → yangweiwei (496176919-6)

Reviewed: https://review.openstack.org/462408
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6e60948c20e9a8fe5469bb7735641026a1f36cd5
Submitter: Jenkins
Branch: master

commit 6e60948c20e9a8fe5469bb7735641026a1f36cd5
Author: yangweiwei <email address hidden>
Date: Thu Jun 29 18:49:33 2017 +0800

    Handle auto-generated domains when creating IdPs

    When creating an IdP, if a domain was generated for it and a conflict
    was raised while effectively creating the IdP in the database, the
    auto-generated domain is now cleaned up.

    Change-Id: I9b7c3c1fae32b9412f75323a75d9ebe4ad756729
    Closes-Bug: #1688188

Changed in keystone:
status: In Progress → Fix Released

This issue was fixed in the openstack/keystone 12.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers