Keystone v2 list users by name should be supported to avoid potential performance problem
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| python-keystoneclient |
Won't Fix
|
Low
|
Unassigned | ||
Bug Description
We have a case where users are provided by LDAP backend. There are over 400,000 users in the global enterprise directory. Before creating the service users, TripleO first make sure the given user does not already exist. This is done by calling keystoneclient.
https:/
This is problematic because keystoneclient will attempt to fetch ALL the users and then do a linear search. See
https:/
This results in either connection timeout or incomplete list being return as there are simply too many users. Turns out, keystoneclient.
https:/
We can’t filter on name even though the API supports it. See
https:/
Lookup user by name support should be supported by python-
| Steve Martinelli (stevemar) wrote | #1 |
| Changed in python-keystoneclient: | |
| assignee: | nobody → rajiv (rajiv-kumar) |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to python-keystoneclient (master) | #2 |
| Changed in python-keystoneclient: | |
| status: | New → In Progress |
| Changed in python-keystoneclient: | |
| importance: | Undecided → Low |
| Boris Bobrov (bbobrov) wrote | #3 |
| Changed in python-keystoneclient: | |
| status: | In Progress → Confirmed |
| assignee: | rajiv (rajiv-kumar) → nobody |
| OpenStack Infra (hudson-openstack) wrote Change abandoned on python-keystoneclient (master) | #4 |
| Morgan Fainberg (mdrnstm) wrote | #5 |
| Changed in python-keystoneclient: | |
| status: | Confirmed → Won't Fix |
i think filtering by name (calling .list() with the correct filters) would solve some issues, especially where we are using .find() (which is listing and doing a linear search). It won't help the overall performance issues, but it's a start.