Monday, 2025-04-14

*** mhen_ is now known as mhen [01:30]
<breton> I tried to research the issue ^^ more. I could not reproduce it on any upstream code at all. The unique constraint is always there, at least since xena. I could not spin up older releases, but meh. [11:51]
<breton> Our cloud is running for many years already, and it is hard to understand why we don't have the constraint. I think I will need to check our other constraints too... [11:52]
<breton> The constraint prevents creation of trusts with the same (trustor, trustee, project, impersonation, expires_at). The constraint "works" only when expires_at is not None, which is why none of the code I linked gets broken. [11:55]
<breton> I still don't understand the rationale behind the constraint. It kind of discourages a user from creating expiring trusts, because there is this error that can be worked around by not providing expiry date at all. [11:57]
<breton> Like what's the point of forbidding 2 trusts expiring at midnight, but allowing one that expires at midnight and the other at 00:00:01? [11:58]
<breton> I will create a bug report about it [11:59]
<breton> ok, I went to create the bug report, and what I have found: https://bugs.launchpad.net/keystone/+bug/1475091 [12:20]
<opendevreview> Takashi Kajinami proposed openstack/keystone-tempest-plugin master: Add stable/2025.1 job  https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/947107 [12:29]
<gtema> breton - I have figured out (at least on pgsql) that unique constraint is not really working when one of the fields is empty, apparently that is at least some sort of explanation for the issue [17:06]
