A federated user has an entry in the 'federated_users' table and in the 'users' table. On the other hand, in keystone.identity.backends.sql.get_user_by_name we only look up names in the local_user table (https://github.com/openstack/keystone/blob/589152d094b248da81dc88db2449fb560985ae8b/keystone/identity/backends/sql.py#L191):
def get_user_by_name(self, user_name, domain_id): with sql.session_for_read() as session: query = session.query(model.User).join(model.LocalUser) query = query.filter(sqlalchemy.and_( model.LocalUser.name == user_name, model.LocalUser.domain_id == domain_id)) try: user_ref = query.one() except sql.NotFound: raise exception.UserNotFound(user_id=user_name) return base.filter_user(user_ref.to_dict())
This will never match for a federated user.
A federated user has an entry in the 'federated_users' table and in the 'users' table. On the other hand, in keystone. identity. backends. sql.get_ user_by_ name we only look up names in the local_user table (https:/ /github. com/openstack/ keystone/ blob/589152d094 b248da81dc88db2 449fb560985ae8b /keystone/ identity/ backends/ sql.py# L191):
def get_user_ by_name( self, user_name, domain_id): for_read( ) as session: query(model. User).join( model.LocalUser ) sqlalchemy. and_(
model. LocalUser. name == user_name,
model. LocalUser. domain_ id == domain_id))
user_ ref = query.one()
raise exception. UserNotFound( user_id= user_name) user(user_ ref.to_ dict())
with sql.session_
query = session.
query = query.filter(
try:
except sql.NotFound:
return base.filter_
This will never match for a federated user.