OpenStack Identity (keystone)

openstack service create allows duplicate names

Bug #1534473 reported by sandeep nandal
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Won't Fix
Undecided
Unassigned

Bug Description

$ openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | fbf58f4a39624bcf9c434a99e5e081fa |
| name | keystone |
| type | identity |
+-------------+----------------------------------+

$ openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 7bd7431cbd2040a7a0d732560cbd4836 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+

$ openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 7bd7431cbd2040a7a0d732560cbd4836 | keystone | identity |
| fbf58f4a39624bcf9c434a99e5e081fa | keystone | identity |
+----------------------------------+----------+----------+

Here we can see, that duplicate service names are created using openstack service create command.

Revision history for this message
Steve Martinelli (stevemar) wrote :

this is because the v2 API of keystone does not validate duplicate names, try the v3 APIs, it should.

Revision history for this message
sandeep nandal (nandal) wrote :

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

These were the variables, when i used the above command, I hope it uses version 3 only

Dean Troyer (dtroyer)
Changed in python-openstackclient:
status: New → Invalid
Revision history for this message
sandeep nandal (nandal) wrote :

openstack service create should complain about the duplicate entry and should not allow to add service with same name,
Because while using openstack service delete we can also provide the name of the service, and if we have duplicate service names,
then openstack service delete can not decide which entry to delete.

Changed in python-openstackclient:
status: Invalid → Confirmed
Revision history for this message
Reedip (reedip-banerjee-deactivatedaccount) wrote :

@sandeep nandal : Cant we use the ID of the service to delete it, even if the name is duplicated?

Revision history for this message
Dean Troyer (dtroyer) wrote :

OSC does not perform this sort of data validation. The server project make these decisions and the validation lies with them.

Changed in python-openstackclient:
status: Confirmed → Invalid
Revision history for this message
Sheel Rana (ranasheel2000) wrote :

Dear Steve,

I think this issue should be considered for keystone instead of OSC.
OSC does not validates names but keystone should validate names.

affects: python-openstackclient → keystone
Changed in keystone:
status: Invalid → New
Kanika Singh (kanikasingh-1490)
Changed in keystone:
assignee: nobody → Kanika Singh (kanikasingh-1490)
Revision history for this message
Sheel Rana (ranasheel2000) wrote :

I confirm this issue on V3.

sheel@sheel:~/openstackClient_SERVICE/python-openstackclient$ cat /home/sheel/Downloads/admin-openrc.sh
#!/usr/bin/env bash
export OS_AUTH_URL=http://10.0.2.15:5000/v3

sheel@sheel:~/openstackClient_SERVICE/python-openstackclient$ openstack service create --name keystone1 --description "OpenStack Identity" identity1
+-------------+----------------------------------+
| Field | Value |
 +-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | cbcb7f08bc7649aea8d878d64ecdf333 |
| name | keystone1 |
| type | identity1 |
 +-------------+----------------------------------+
sheel@sheel:~/openstackClient_SERVICE/python-openstackclient$ openstack service create --name keystone1 --description "OpenStack Identity" identity1
+-------------+----------------------------------+
| Field | Value |
 +-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 0f30443cf01747619b8ea2edcb2292d7 |
| name | keystone1 |
| type | identity1 |
 +-------------+----------------------------------+
sheel@sheel:~/openstackClient_SERVICE/python-openstackclient$ openstack service list
+----------------------------------+-------------+----------------+
| ID | Name | Type |
 +----------------------------------+-------------+----------------+
| 0f30443cf01747619b8ea2edcb2292d7 | keystone1 | identity1 |
| cbcb7f08bc7649aea8d878d64ecdf333 | keystone1 | identity1 |
 +----------------------------------+-------------+----------------+

Changed in keystone:
status: New → Confirmed
Revision history for this message
David Stanek (dstanek) wrote :

In Keystone we don't store the name in its own database column. We jam it into 'extras'. So we can't effectively enforce uniqueness.

Revision history for this message
Steve Martinelli (stevemar) wrote :

We can't enforce uniqueness with service names and types, and we can't break backward compatibility.

Changed in keystone:
status: Confirmed → Won't Fix
assignee: Kanika Singh (kanikasingh-1490) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.