cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Prachi Damle (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-7073) Account/User creation: able to create user with the same name in the same domain in Clustered MS setup
Date Wed, 24 Dec 2014 20:08:16 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-7073?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14258499#comment-14258499
] 

Prachi Damle commented on CLOUDSTACK-7073:
------------------------------------------

1) >>Prachi, how do you know which user to remove? Remember, the real users stand behind
those records. Only customer can make this call.

I meant the duplicate users that are already removed, with removed field set.

2) >>Removed field to the constraint won't fix it. You can't have 2 users "alena"/"doman1"/inactive"
in the DB even if both of them are marked as removed

(username,domainid,inactive,removed) this set will work since:
- Only one active user with a given username is allowed
- If some user is removed, the value of the removed field will be different than another record
with same username getting removed later

Also, we should check if (username,domainid,removed) only will suffice. In that case no need
to add 'inactive' field.

3) Yes, adding a lock needs to be evaluated by testing.





> Account/User creation: able to create user with the same name in the same domain in Clustered
MS setup
> ------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-7073
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7073
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.5.0
>            Reporter: Alena Prokharchyk
>             Fix For: Future
>
>
> In the Java code we prohibit user to have duplicated names inside the same domain. But
in the DB the constraint is missing in cloud.account/cloud.user table, so it is still possible
to violate the rule by initiating the create call from parallel threads issued either by the
same MS, or by multiple MS in the clustered MS setup.
> To fix, have to introduce some kind of the global lock, or db constraint preventing multiple
threads to insert the record with the same username.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message