Project

General

Profile

Actions
Copy link

Bug #38619

closed

radosgw-admin user create can be executed repeatedly

Added by Hughen X about 5 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
easy first bug
Backport:
Regression:
No
Severity:
2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
31901
Crash signature (v1):
Crash signature (v2):

Description

Background:
ceph version: 12.2.7 (3ec878d1e53e1aeb47a9f619c49d9e7c0aa384d5) luminous (stable)

Step to reproduce:

radosgw-admin user info --uid="test-user" 


{
    "user_id": "test-user",
    "display_name": "test-user",
    "email": "test-user@a.com",
    "keys": [
        {
            "user": "test-user",
            "access_key": "AAAAAAAAAAAAAAAAAAA",
            "secret_key": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" 
        }
    ],
}

test-user already exists, then I can continue to use the create command but nothing seems to happen.
radosgw-admin user create --uid=test-user --display-name="test-user"

But if I use the following command, I will receive an error that the user already has, and the exit code of the radosgw-admin command is 17

radosgw-admin user create --uid=test-user

# could not create user: unable to create user, user: test-user exists

Problem:
Why is there such a difference after the --diplay-name parameter?

In addition, I think the semantics of the interface design for creating users in the object storage Admin Ops API are not clear.
Since all users are created, if this user already exists, it should return the error of UserExists or EmailExists, instead of adding a key for the user, as it is now.

Actions
Copy link
 #1

Updated by Hughen X about 5 years ago

Background:
ceph version: 12.2.7 (3ec878d1e53e1aeb47a9f619c49d9e7c0aa384d5) luminous (stable)

Step to reproduce:
radosgw-admin user info --uid="test-user" 


{
    "user_id": "test-user",
    "display_name": "test-user",
    "email": "test-user@a.com",
    "keys": [
        {
            "user": "test-user",
            "access_key": "AAAAAAAAAAAAAAAAAAA",
            "secret_key": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" 
        }
    ],
}

test-user already exists, then I can continue to use the create command but nothing seems to happen.
radosgw-admin user create --uid=test-user --display-name="test-user"

But if I use the following command, I will receive an error that the user already has, and the exit code of the radosgw-admin command is 17

radosgw-admin user create --uid=test-user

# could not create user: unable to create user, user: test-user exists

Problem:
Why is there such a difference after the --diplay-name parameter?

In addition, I think the semantics of the interface design for creating users in the object storage Admin Ops API are not clear.
Since all users are created, if this user already exists, it should return the error of UserExists or EmailExists, instead of adding a key for the user, as it is now.

Actions
Copy link
 #2

Updated by Greg Farnum about 5 years ago

  • Project changed from Ceph to rgw
  • Category deleted (librados)
Actions
Copy link
 #3

Updated by Abhishek Lekshmanan about 5 years ago

  • Tags changed from radosgw-admin user create repeatedly to easy first bug
Actions
Copy link
 #4

Updated by Abhishek Lekshmanan about 5 years ago

  • Description updated (diff)
Actions
Copy link
 #5

Updated by Matthew Oliver over 4 years ago

So I've looked into the code. If you supply a display name or an email and the user already exists, execute_modify is called. So will go modify the email or display name on the existing user. This is because display name and email are mutable settings.

So seems this is expected behaviour. However, I'll add message before directing down the 'execute_modify' path to say that the user already exists, modifying existing user, so this is more clear.

Actions
Copy link
 #6

Updated by Matthew Oliver over 4 years ago

Actually what I said is wrong. If I try and use a different display-name (or email) then what was already created then we get:

$ radosgw-admin user create --uid=test-user --display-name="test-user2" 
could not create user: unable to create user, user: test-user exists

So will fix it another way :)

Actions
Copy link
 #7

Updated by Matthew Oliver over 4 years ago

Ok, me spamming again. It you can modify, just not the email or the display name. Ie. I can add access and secret keys.

When you add --display-name it checks it with the it's still the same in the existing one and if so, redirects it to the execute_modify. Even if there isn't anything to change.

Question really is, is this modify approach really what we want?

for now I'll raise a patch to add the user exists message, so at least the user is told that before calling execute_modify.

Actions
Copy link
 #8

Updated by Matthew Oliver over 4 years ago

Actions
Copy link
 #9

Updated by Casey Bodley about 4 years ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 31901
Actions
Copy link
 #10

Updated by Casey Bodley over 3 years ago

  • Status changed from Fix Under Review to Resolved
Actions
Copy link

Also available in: Atom PDF