I agree that one way to tackle the issue is to stop guessing what is provided by the user, but this would include some major breaking changes in the SDK and client. I would be fine with this solution.
The problem with Keystone is that if a request is issued, e.g. `user show <name>`, with a MySQL DB as the backend, the name is passed in the query and the query raises the exception because it expects to return exactly one user but with the id, but it will not find the user because of a name passed in. There is no validation on the server. The values are just passed to the query and we hopefully get back an answer. And such requests are polluting the logs of Keystone, and then in the long term you will not find any information in the logs. But I have to look in the logs of newer versions of OpenStack than Caracal to check what has been done to remove some of the exceptions.