Keystone v2 list users by name should be supported to avoid potential performance problem
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-keystoneclient |
Won't Fix
|
Low
|
Unassigned |
Bug Description
We have a case where users are provided by LDAP backend. There are over 400,000 users in the global enterprise directory. Before creating the service users, TripleO first make sure the given user does not already exist. This is done by calling keystoneclient.
https:/
This is problematic because keystoneclient will attempt to fetch ALL the users and then do a linear search. See
https:/
This results in either connection timeout or incomplete list being return as there are simply too many users. Turns out, keystoneclient.
https:/
We can’t filter on name even though the API supports it. See
https:/
Lookup user by name support should be supported by python-
Changed in python-keystoneclient: | |
assignee: | nobody → rajiv (rajiv-kumar) |
Changed in python-keystoneclient: | |
importance: | Undecided → Low |
i think filtering by name (calling .list() with the correct filters) would solve some issues, especially where we are using .find() (which is listing and doing a linear search). It won't help the overall performance issues, but it's a start.