yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #26488
[Bug 1405726] [NEW] Federation, getting scoped token results in error.
Public bug reported:
I am using federation.
Following are the commands I executed.
I already have an admin_group created that is gets mapped to when user is back from doing saml authentication with IdP.
I then do
openstack role add --group admin_group --domain default admin
curl --insecure -X GET https://172.20.14.16:35357/v3/OS-FEDERATION/domains -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35"
{"domains": [{"links": {"self": "https://172.20.14.16:5000/v3/domains/default"}, "enabled": true, "description": "Owns users and tenants (i.e. projects) available on Identity API v2.", "name": "Default", "id": "default"}], "links": {"self": "https://172.20.14.16:5000/v3/OS-FEDERATION/domains";, "previous": null, "next": null}}
openstack role add --group admin_group --project admin admin
curl --insecure -X GET https://172.20.14.16:35357/v3/OS-FEDERATION/projects -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35"
****************command to get scoped token*********************************
curl --insecure -X POST POST https://sp.machine:35357/v3/auth/tokens -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35" -d '{"auth":{"identity":{"methods":["saml2"],"saml2":{"id":"58e6ceef8dcf4aceb508323e5a2a7c35"}},"scope":{"project":{"domain": {"id": "default"},"name":"admin"}}}}'
This gives an error as follows
2014-12-26 05:58:14.622 26820 ERROR keystone.common.wsgi [-] (ProgrammingError) ibm_db_dbi::ProgrammingError: SQLNumResultCols failed: [IBM][CLI Driver][DB2/LINUXX8664] SQL0134N Improper use of a string column, host variable, constant, or function "ROLE_EXTRA". SQLSTATE=42907 SQLCODE=-134 'SELECT DISTINCT role.id AS role_id, role.name AS role_name, role.extra AS role_extra \nFROM role, assignment \nWHERE assignment."type" = ? AND assignment.target_id = ? AND role.id = assignment.role_id AND assignment.actor_id IN (?)' ('GroupProject', 'c9efdd57ae9d4f5f97d07424c5c4da90', '83ef4a24bf18480f849e903ddfaba7a9')
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in __call__
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi result = method(context, **params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/auth/controllers.py", line 343, in authenticate_for_token
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id, auth_context, trust, metadata_ref, include_catalog)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 78, in _wrapper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return f(*args, **kw)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 428, in issue_v3_token
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 503, in _handle_saml2_tokens
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi group_ids, project_id, domain_id, user_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 199, in _populate_roles_for_groups
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 78, in _wrapper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return f(*args, **kw)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/sql.py", line 320, in get_roles_for_groups
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return [role.to_dict() for role in query.all()]
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2115, in all
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return list(self)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2227, in __iter__
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return self._execute_and_instances(context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2242, in _execute_and_instances
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi result = conn.execute(querycontext.statement, self._params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1449, in execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1584, in _execute_clauseelement
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi compiled_sql, distilled_params
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1698, in _execute_context
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1691, in _execute_context
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/ibm_db_sa/ibm_db.py", line 104, in do_execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi cursor.execute(statement, parameters)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/ibm_db_dbi.py", line 1334, in execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi self._set_cursor_helper()
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/ibm_db_dbi.py", line 1217, in _set_cursor_helper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi raise self.messages[len(self.messages) - 1]
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi ProgrammingError: (ProgrammingError) ibm_db_dbi::ProgrammingError: SQLNumResultCols failed: [IBM][CLI Driver][DB2/LINUXX8664] SQL0134N Improper use of a string column, host variable, constant, or function "ROLE_EXTRA". SQLSTATE=42907 SQLCODE=-134 'SELECT DISTINCT role.id AS role_id, role.name AS role_name, role.extra AS role_extra \nFROM role, assignment \nWHERE assignment."type" = ? AND assignment.target_id = ? AND role.id = assignment.role_id AND assignment.actor_id IN (?)' ('GroupProject', 'c9efdd57ae9d4f5f97d07424c5c4da90', '83ef4a24bf18480f849e903ddfaba7a9')
This is happening because of the distinct clause on the select query when the extra column is a json blob.
There are two ways to fix this.
1) Remove the distinct - I tried this and it worked.
310 sql_constraints = sqlalchemy.and_(
311 RoleAssignment.type == assignment_type,
312 RoleAssignment.target_id == target_id,
313 Role.id == RoleAssignment.role_id,
314 RoleAssignment.actor_id.in_(group_ids))
315
316 session = sql.get_session()
*317 with session.begin():
318 query = session.query(Role).filter(
319 sql_constraints)#.distinct()*
320 return [role.to_dict() for role in query.all()]
in "/usr/lib/python2.6/site-
packages/keystone/assignment/backends/sql.py"
2) Cast the json blob to a varchar(xxx).
** Affects: keystone
Importance: Undecided
Status: New
** Description changed:
I am using federation.
Following are the commands I executed.
I already have an admin_group created that is gets mapped to when user is back from doing saml authentication with IdP.
I then do
openstack role add --group admin_group --domain default admin
- curl --insecure -X GET https://172.20.14.16:35357/v3/OS-FEDERATION/domains -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35"
+ curl --insecure -X GET https://172.20.14.16:35357/v3/OS-FEDERATION/domains -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35"
{"domains": [{"links": {"self": "https://172.20.14.16:5000/v3/domains/default"}, "enabled": true, "description": "Owns users and tenants (i.e. projects) available on Identity API v2.", "name": "Default", "id": "default"}], "links": {"self": "https://172.20.14.16:5000/v3/OS-FEDERATION/domains";, "previous": null, "next": null}}
-
openstack role add --group admin_group --project admin admin
curl --insecure -X GET https://172.20.14.16:35357/v3/OS-FEDERATION/projects -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35"
-
****************command to get scoped token*********************************
curl --insecure -X POST POST https://sp.machine:35357/v3/auth/tokens -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35" -d '{"auth":{"identity":{"methods":["saml2"],"saml2":{"id":"58e6ceef8dcf4aceb508323e5a2a7c35"}},"scope":{"project":{"domain": {"id": "default"},"name":"admin"}}}}'
-
This gives an error as follows
2014-12-26 05:58:14.622 26820 ERROR keystone.common.wsgi [-] (ProgrammingError) ibm_db_dbi::ProgrammingError: SQLNumResultCols failed: [IBM][CLI Driver][DB2/LINUXX8664] SQL0134N Improper use of a string column, host variable, constant, or function "ROLE_EXTRA". SQLSTATE=42907 SQLCODE=-134 'SELECT DISTINCT role.id AS role_id, role.name AS role_name, role.extra AS role_extra \nFROM role, assignment \nWHERE assignment."type" = ? AND assignment.target_id = ? AND role.id = assignment.role_id AND assignment.actor_id IN (?)' ('GroupProject', 'c9efdd57ae9d4f5f97d07424c5c4da90', '83ef4a24bf18480f849e903ddfaba7a9')
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in __call__
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi result = method(context, **params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/auth/controllers.py", line 343, in authenticate_for_token
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id, auth_context, trust, metadata_ref, include_catalog)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 78, in _wrapper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return f(*args, **kw)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 428, in issue_v3_token
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 503, in _handle_saml2_tokens
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi group_ids, project_id, domain_id, user_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 199, in _populate_roles_for_groups
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 78, in _wrapper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return f(*args, **kw)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/sql.py", line 320, in get_roles_for_groups
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return [role.to_dict() for role in query.all()]
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2115, in all
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return list(self)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2227, in __iter__
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return self._execute_and_instances(context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2242, in _execute_and_instances
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi result = conn.execute(querycontext.statement, self._params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1449, in execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1584, in _execute_clauseelement
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi compiled_sql, distilled_params
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1698, in _execute_context
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1691, in _execute_context
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/ibm_db_sa/ibm_db.py", line 104, in do_execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi cursor.execute(statement, parameters)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/ibm_db_dbi.py", line 1334, in execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi self._set_cursor_helper()
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/ibm_db_dbi.py", line 1217, in _set_cursor_helper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi raise self.messages[len(self.messages) - 1]
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi ProgrammingError: (ProgrammingError) ibm_db_dbi::ProgrammingError: SQLNumResultCols failed: [IBM][CLI Driver][DB2/LINUXX8664] SQL0134N Improper use of a string column, host variable, constant, or function "ROLE_EXTRA". SQLSTATE=42907 SQLCODE=-134 'SELECT DISTINCT role.id AS role_id, role.name AS role_name, role.extra AS role_extra \nFROM role, assignment \nWHERE assignment."type" = ? AND assignment.target_id = ? AND role.id = assignment.role_id AND assignment.actor_id IN (?)' ('GroupProject', 'c9efdd57ae9d4f5f97d07424c5c4da90', '83ef4a24bf18480f849e903ddfaba7a9')
-
This is happening because of the distinct clause on the select query when the extra column is a json blob.
There are two ways to fix this.
1) Remove the distinct - I tried this and it worked.
310 sql_constraints = sqlalchemy.and_(
311 RoleAssignment.type == assignment_type,
312 RoleAssignment.target_id == target_id,
313 Role.id == RoleAssignment.role_id,
314 RoleAssignment.actor_id.in_(group_ids))
315
316 session = sql.get_session()
- 317 with session.begin():
+ *317 with session.begin():
318 query = session.query(Role).filter(
- 319 sql_constraints)#.distinct()
+ 319 sql_constraints)#.distinct()*
320 return [role.to_dict() for role in query.all()]
-
- in "/usr/lib/python2.6/site-packages/keystone/assignment/backends/sql.py"
+
+ in "/usr/lib/python2.6/site-
+ packages/keystone/assignment/backends/sql.py"
2) Cast the json blob to a varchar(xxx).
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1405726
Title:
Federation, getting scoped token results in error.
Status in OpenStack Identity (Keystone):
New
Bug description:
I am using federation.
Following are the commands I executed.
I already have an admin_group created that is gets mapped to when user is back from doing saml authentication with IdP.
I then do
openstack role add --group admin_group --domain default admin
curl --insecure -X GET https://172.20.14.16:35357/v3/OS-FEDERATION/domains -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35"
{"domains": [{"links": {"self": "https://172.20.14.16:5000/v3/domains/default"}, "enabled": true, "description": "Owns users and tenants (i.e. projects) available on Identity API v2.", "name": "Default", "id": "default"}], "links": {"self": "https://172.20.14.16:5000/v3/OS-FEDERATION/domains";, "previous": null, "next": null}}
openstack role add --group admin_group --project admin admin
curl --insecure -X GET https://172.20.14.16:35357/v3/OS-FEDERATION/projects -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35"
****************command to get scoped token*********************************
curl --insecure -X POST POST https://sp.machine:35357/v3/auth/tokens -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: 58e6ceef8dcf4aceb508323e5a2a7c35" -d '{"auth":{"identity":{"methods":["saml2"],"saml2":{"id":"58e6ceef8dcf4aceb508323e5a2a7c35"}},"scope":{"project":{"domain": {"id": "default"},"name":"admin"}}}}'
This gives an error as follows
2014-12-26 05:58:14.622 26820 ERROR keystone.common.wsgi [-] (ProgrammingError) ibm_db_dbi::ProgrammingError: SQLNumResultCols failed: [IBM][CLI Driver][DB2/LINUXX8664] SQL0134N Improper use of a string column, host variable, constant, or function "ROLE_EXTRA". SQLSTATE=42907 SQLCODE=-134 'SELECT DISTINCT role.id AS role_id, role.name AS role_name, role.extra AS role_extra \nFROM role, assignment \nWHERE assignment."type" = ? AND assignment.target_id = ? AND role.id = assignment.role_id AND assignment.actor_id IN (?)' ('GroupProject', 'c9efdd57ae9d4f5f97d07424c5c4da90', '83ef4a24bf18480f849e903ddfaba7a9')
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/wsgi.py", line 207, in __call__
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi result = method(context, **params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/auth/controllers.py", line 343, in authenticate_for_token
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id, auth_context, trust, metadata_ref, include_catalog)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 78, in _wrapper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return f(*args, **kw)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 428, in issue_v3_token
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 503, in _handle_saml2_tokens
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi group_ids, project_id, domain_id, user_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/token/providers/common.py", line 199, in _populate_roles_for_groups
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi domain_id)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/common/manager.py", line 78, in _wrapper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return f(*args, **kw)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/keystone/assignment/backends/sql.py", line 320, in get_roles_for_groups
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return [role.to_dict() for role in query.all()]
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2115, in all
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return list(self)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2227, in __iter__
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi return self._execute_and_instances(context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/orm/query.py", line 2242, in _execute_and_instances
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi result = conn.execute(querycontext.statement, self._params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1449, in execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi params)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1584, in _execute_clauseelement
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi compiled_sql, distilled_params
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1698, in _execute_context
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/sqlalchemy/engine/base.py", line 1691, in _execute_context
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi context)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib/python2.6/site-packages/ibm_db_sa/ibm_db.py", line 104, in do_execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi cursor.execute(statement, parameters)
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/ibm_db_dbi.py", line 1334, in execute
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi self._set_cursor_helper()
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi File "/usr/lib64/python2.6/site-packages/ibm_db_dbi.py", line 1217, in _set_cursor_helper
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi raise self.messages[len(self.messages) - 1]
2014-12-26 05:58:14.622 26820 TRACE keystone.common.wsgi ProgrammingError: (ProgrammingError) ibm_db_dbi::ProgrammingError: SQLNumResultCols failed: [IBM][CLI Driver][DB2/LINUXX8664] SQL0134N Improper use of a string column, host variable, constant, or function "ROLE_EXTRA". SQLSTATE=42907 SQLCODE=-134 'SELECT DISTINCT role.id AS role_id, role.name AS role_name, role.extra AS role_extra \nFROM role, assignment \nWHERE assignment."type" = ? AND assignment.target_id = ? AND role.id = assignment.role_id AND assignment.actor_id IN (?)' ('GroupProject', 'c9efdd57ae9d4f5f97d07424c5c4da90', '83ef4a24bf18480f849e903ddfaba7a9')
This is happening because of the distinct clause on the select query when the extra column is a json blob.
There are two ways to fix this.
1) Remove the distinct - I tried this and it worked.
310 sql_constraints = sqlalchemy.and_(
311 RoleAssignment.type == assignment_type,
312 RoleAssignment.target_id == target_id,
313 Role.id == RoleAssignment.role_id,
314 RoleAssignment.actor_id.in_(group_ids))
315
316 session = sql.get_session()
*317 with session.begin():
318 query = session.query(Role).filter(
319 sql_constraints)#.distinct()*
320 return [role.to_dict() for role in query.all()]
in "/usr/lib/python2.6/site-
packages/keystone/assignment/backends/sql.py"
2) Cast the json blob to a varchar(xxx).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1405726/+subscriptions
Follow ups
References
