federated user creation creates duplicates of existing user accounts

Bug #1844616 reported by Xav Paice
This bug affects 2 people

Affects                       | Status | Importance | Assigned to | Milestone
OpenStack Identity (keystone) | New    | Undecided  | Unassigned  |
keystone (Ubuntu)             | New    | Undecided  | Unassigned  |

Bug Description

Keystone 15.0.0-0ubuntu1~cloud0
DISTRIB_CODENAME=bionic
Charm cs:keystone-306 keystone-saml-mellon-3

We had a situation where two user accounts were found with the same name and user ID in both the local_user and federated_user table. This meant that running `openstack user show --domain mydomain username2` would fail with "More than one user exists with the name 'username2'". Listing users would show only one user account, and using the user uuid to 'user show' was working fine.

I ended up removing the two rows from local_user to work around this.

The bug, however, is that federated users with the same name as one that was already located in local_user shouldn't be created like that.

mysql> select * from local_user;
+-----+----------------------------------+----------------------------------+-------------------------------+-------------------+----------------+
| id  | user_id                          | domain_id                        | name                          | failed_auth_count | failed_auth_at |
+-----+----------------------------------+----------------------------------+-------------------------------+-------------------+----------------+
|   3 | 1e0099400dd34adeba2ed6751064227a | 87fb238ef6d0430cbda59b08e3a1ea82 | admin                         |                 0 | NULL           |
|   6 | 8840d047cca346e6a00e435306f72ffc | a1effaa626284677ade0fbe3e85c59bd | cinderv2_cinderv3             |                 0 | NULL           |
|   9 | d71b70de0cdd4beba2e5f1d3842c93b1 | fa58dfa26889413e85b4855837952b74 | cinderv2_cinderv3             |                 0 | NULL           |
|  12 | d0750dcc890543918fe043eb5782e0ed | a1effaa626284677ade0fbe3e85c59bd | gnocchi                       |                 0 | NULL           |
|  15 | c870e8dc427841c08fbba94b824f5765 | fa58dfa26889413e85b4855837952b74 | gnocchi                       |                 0 | NULL           |
|  18 | 964d6a7b3d8d4a49ac2ef2accd5350d3 | a1effaa626284677ade0fbe3e85c59bd | neutron                       |                 0 | NULL           |
|  21 | e1e77e91a9ed4dde8230d80b752d4f5c | fa58dfa26889413e85b4855837952b74 | neutron                       |                 0 | NULL           |
|  24 | d090c19794dd4f27b08deab6713bd4ac | a1effaa626284677ade0fbe3e85c59bd | nova_placement                |                 0 | NULL           |
|  27 | 9fbb011ce1fc495ebf716d5cb56cd007 | fa58dfa26889413e85b4855837952b74 | nova_placement                |                 0 | NULL           |
|  30 | 1bad96de0fcd41a3b30d2c4e4ad9bb05 | a1effaa626284677ade0fbe3e85c59bd | octavia                       |                 0 | NULL           |
|  33 | f4da2edc5e8f461b8d71eee67eabe4c2 | fa58dfa26889413e85b4855837952b74 | octavia                       |                 0 | NULL           |
|  36 | a4d97a3a5a6644eb92848b9ea40ba71f | a1effaa626284677ade0fbe3e85c59bd | barbican                      |                 0 | NULL           |
|  39 | 4d827a03abb24855b6cc37602fe346a5 | fa58dfa26889413e85b4855837952b74 | barbican                      |                 0 | NULL           |
|  42 | 63b4389e35e446199b4e6a57a789e89c | a1effaa626284677ade0fbe3e85c59bd | aodh                          |                 0 | NULL           |
|  45 | 3222d274dd0347a080b5371a348356b3 | fa58dfa26889413e85b4855837952b74 | aodh                          |                 0 | NULL           |
|  48 | 957f4a409dec46c6b44f38a80949f7d1 | a1effaa626284677ade0fbe3e85c59bd | swift                         |                 0 | NULL           |
|  51 | 8a89ed1cd1984814b544070295a2854f | fa58dfa26889413e85b4855837952b74 | swift                         |                 0 | NULL           |
|  54 | 1ee61ad58f0948eab3c43fdf95790dcd | a1effaa626284677ade0fbe3e85c59bd | designate                     |                 0 | NULL           |
|  57 | 32475aeb4dc0469080581f9acc9f7905 | fa58dfa26889413e85b4855837952b74 | designate                     |                 0 | NULL           |
|  60 | 79b9411206524f00b0d05d3112a03840 | a1effaa626284677ade0fbe3e85c59bd | glance                        |                 0 | NULL           |
|  63 | 35257eb811d84e0091381e74d4fbca21 | fa58dfa26889413e85b4855837952b74 | glance                        |                 0 | NULL           |
|  66 | d07d3c3c619c4478b196bb81b8a4ced5 | a1effaa626284677ade0fbe3e85c59bd | heat_heat-cfn                 |                 0 | NULL           |
|  69 | 5f35abc07a2141d1aad22c3beb59c802 | fa58dfa26889413e85b4855837952b74 | heat_heat-cfn                 |                 0 | NULL           |
|  72 | 6a615b68427a480a98cca6807ba2388d | fa58dfa26889413e85b4855837952b74 | nagios                        |                 0 | NULL           |
|  75 | 82762b9e71b0423888833e3a13df80ff | fa58dfa26889413e85b4855837952b74 | prometheus-openstack-exporter |                 0 | NULL           |
|  78 | 0f04dc8d78e045c0915cf9a08a53aa96 | fa58dfa26889413e85b4855837952b74 | ceilometer                    |                 0 | NULL           |
|  81 | d3b07f907b454f7294bbf168c28c38aa | 12ba878696e54f7c91a2ef9001d93e99 | heat_domain_admin             |                 0 | NULL           |
|  84 | e367233542454164ac8b90dc1722d9f2 | 87fb238ef6d0430cbda59b08e3a1ea82 | cloudadmin                    |                 0 | NULL           |
| 141 | 77e255c3967c400a8a8d7de55338d09b | 6d4704c1a6164c70a4763ac886bcf228 | landscape                     |              NULL | NULL           |
| 165 | 713a08bae9dc4640ace34da1cffb2b77 | 6d4704c1a6164c70a4763ac886bcf228 | domainadmin                   |                 0 | NULL           |
| 168 | e17783fa996a4ff9b4563c9d69360c86 | 6d4704c1a6164c70a4763ac886bcf228 | username1                     |                 0 | NULL           |
| 171 | f110007ded3548efaf46e89146951524 | 6d4704c1a6164c70a4763ac886bcf228 | username2                     |                 0 | NULL           |
| 175 | af7dd6f186a3407f9f200bc40c51eeb6 | 6d4704c1a6164c70a4763ac886bcf228 | demouser                      |                 0 | NULL           |
+-----+----------------------------------+----------------------------------+-------------------------------+-------------------+----------------+

mysql> select * from federated_user;
+----+----------------------------------+-----------+-------------+-------------------------------+-----------------------------+
| id | user_id                          | idp_id    | protocol_id | unique_id                     | display_name                |
+----+----------------------------------+-----------+-------------+-------------------------------+-----------------------------+
|  3 | e17783fa996a4ff9b4563c9d69360c86 | fs-domain | mapped      | username1                     | username1                   |
|  6 | af0c5dd0f10b46d89189a5b004829d11 | fs-domain | mapped      | username3                     | username3                   |
| 51 | f110007ded3548efaf46e89146951524 | fs-domain | mapped      | username2                     | username2                   |
| 52 | abdbfae630834c0a92385620a283760d | fs-domain | mapped      | username4                     | username4                   |
+----+----------------------------------+-----------+-------------+-------------------------------+-----------------------------+
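
The ambiguity described in the report (a user_id, and a name, present in both local_user and federated_user, so that a lookup by name returns more than one user) can be checked for with a join across the two tables before anyone starts deleting rows. The block below is an added example, not code from the report or from keystone: it models simplified versions of the two tables (only the columns visible in the dumps above, and no idp/domain resolution for federated users), fills them with constructed rows copied from the dumps plus one made-up local "username3" row, and runs two queries, one for rows sharing a user_id and one for distinct identities that merely share a name.

```python
import sqlite3

# Simplified versions of the two keystone tables shown in the report.
# Assumption: only the columns visible in the dumps are modelled.
SCHEMA = """
CREATE TABLE local_user (
    id INTEGER PRIMARY KEY,
    user_id TEXT NOT NULL,
    domain_id TEXT NOT NULL,
    name TEXT NOT NULL,
    failed_auth_count INTEGER,
    failed_auth_at TEXT
);
CREATE TABLE federated_user (
    id INTEGER PRIMARY KEY,
    user_id TEXT NOT NULL,
    idp_id TEXT NOT NULL,
    protocol_id TEXT NOT NULL,
    unique_id TEXT NOT NULL,
    display_name TEXT
);
"""

# domain_id of the affected users in the report's local_user dump
DOMAIN = "6d4704c1a6164c70a4763ac886bcf228"

# Constructed sample rows modelled on the report's tables. The local
# "username3" row (with an obviously made-up user_id) is constructed here to
# show a name collision between two distinct identities.
LOCAL_USERS = [
    (165, "713a08bae9dc4640ace34da1cffb2b77", DOMAIN, "domainadmin", 0, None),
    (168, "e17783fa996a4ff9b4563c9d69360c86", DOMAIN, "username1", 0, None),
    (171, "f110007ded3548efaf46e89146951524", DOMAIN, "username2", 0, None),
    (175, "af7dd6f186a3407f9f200bc40c51eeb6", DOMAIN, "demouser", 0, None),
    (180, "cccccccccccccccccccccccccccccccc", DOMAIN, "username3", 0, None),
]
FEDERATED_USERS = [
    (3, "e17783fa996a4ff9b4563c9d69360c86", "fs-domain", "mapped", "username1", "username1"),
    (6, "af0c5dd0f10b46d89189a5b004829d11", "fs-domain", "mapped", "username3", "username3"),
    (51, "f110007ded3548efaf46e89146951524", "fs-domain", "mapped", "username2", "username2"),
    (52, "abdbfae630834c0a92385620a283760d", "fs-domain", "mapped", "username4", "username4"),
]

# Case 1: one user_id carried by rows in both tables. This is the state the
# report describes and is what makes a lookup by name return two hits.
SHARED_USER_ID_SQL = """
SELECT l.name, l.user_id, l.id AS local_id, f.id AS federated_id
FROM local_user AS l
JOIN federated_user AS f ON f.user_id = l.user_id
ORDER BY l.name
"""

# Case 2: two distinct user_ids whose names collide. A lookup by name is
# ambiguous here too, even though no row is duplicated.
SHARED_NAME_SQL = """
SELECT l.name, l.user_id AS local_user_id, f.user_id AS federated_user_id
FROM local_user AS l
JOIN federated_user AS f
  ON f.display_name = l.name AND f.user_id <> l.user_id
ORDER BY l.name
"""


def build_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO local_user VALUES (?, ?, ?, ?, ?, ?)", LOCAL_USERS)
    conn.executemany("INSERT INTO federated_user VALUES (?, ?, ?, ?, ?, ?)", FEDERATED_USERS)
    return conn


def find_shared_user_ids(conn):
    """Rows whose user_id exists in both local_user and federated_user."""
    return conn.execute(SHARED_USER_ID_SQL).fetchall()


def find_shared_names(conn):
    """Local/federated pairs that share a name but not a user_id."""
    return conn.execute(SHARED_NAME_SQL).fetchall()


if __name__ == "__main__":
    db = build_db()
    for name, user_id, local_id, fed_id in find_shared_user_ids(db):
        print(f"{name}: user_id {user_id} is local_user.id={local_id} "
              f"and federated_user.id={fed_id}")
    for name, local_uid, fed_uid in find_shared_names(db):
        print(f"{name}: local user_id {local_uid} and federated user_id "
              f"{fed_uid} collide on name")
```

Against the constructed data the first query reports username1 and username2, the two identities the report found in both tables; the second reports only the made-up username3 pair. Run against a real keystone database the same two joins would need to scope the name comparison to a domain (a federated user's domain comes from its identity provider, which this simplified model omits).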

Xav Paice (xavpaice)
description: updated
description: updated
Changed in charm-keystone:
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack keystone charm because there has been no activity for 60 days.]

Changed in charm-keystone:
status: Incomplete → Expired
Diko Parvanov (dparv) wrote :

This is still valid and affecting one more of our clouds.

Changed in charm-keystone:
status: Expired → New
James Page (james-page)
affects: charm-keystone → keystone