[openstack-dev] [keystone] Case sensitivity & backend databases
mark.washenberger at markwash.net
Wed Nov 13 19:24:00 UTC 2013
Resurrecting this thread. . .
I think I'm misunderstanding where we landed on this issue. On the one
hand, it seems like there are tests to assert that uniqueness of names is
case-sensitive. On the other, some folks have identified reasons why they
would want case-insensitivity on uniqueness checks for creating new users.
Still others I think have wisely pointed out that we should probably get
out of the business of creating users.
Trying to incorporate all of these perspectives, I propose the following:
1) We add a configuration option to just the keystone sql identity driver
to force case-sensitivity on uniqueness checks. I'm pretty sure there is a
way to do this in sqlalchemy, basically whatever is equivalent to 'SELECT *
FROM user WHERE BINARY name = %s'. This config option would only affect
create_user and update_user.
2) We always force case-sensitive comparison for get_user_by_name, using a
similar mechanism as above.
By focusing on changes to queries we needn't bother with a migration and
can make the behavior a deployer choice.
Is this a bad goal or approach?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev