← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #42112

[Bug 1521844] [NEW] pycadf ID validation fails for multi-domain IDs

  Thread PreviousDate PreviousThread Next 
Public bug reported:

With the latest pycadf release (2.0.0), there is a more strict
validation on the ID fields of various CADF resources, in this case, the
initiator is failing to validate some keystone user IDs.

This only happens when multi-domains are configured. An ID for a user in
a multi-domain setup is in fact two IDs concatenated together.

The code to check for a valid ID / UUID is:
https://github.com/openstack/pycadf/blob/master/pycadf/identifier.py#L50-L60

def is_valid(value):
    """Validation to ensure Identifier is correct.
    """
    if value in ['target', 'initiator', 'observer']:
        return True
    try:
        uuid.UUID(value)
    except ValueError:
        return False
    else:
        return True

A typical userID in a multi domain setup is:
c79a927caef36ade4ed36679cd084fa45df4563f94af6a956fafa936889b4faf

When this is validated in pycadf, it fails:

>>> import uuid
>>> uuid.UUID("c79a927caef36ade4ed36679cd084fa45df4563f94af6a956fafa936889b4faf")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/uuid.py", line 134, in __init__
    raise ValueError('badly formed hexadecimal UUID string')
ValueError: badly formed hexadecimal UUID string

Options: we can revert the change to pycadf and loosen the validation of
IDs, or make keystone use a different value.

This is the part of keystone that fails:
https://github.com/openstack/keystone/blob/master/keystone/notifications.py#L504-L505

** Affects: keystone
     Importance: Critical
         Status: Triaged

** Affects: pycadf
     Importance: Undecided
         Status: New

** Changed in: keystone
   Importance: Undecided => Critical

** Changed in: keystone
       Status: New => Triaged

** Also affects: pycadf
   Importance: Undecided
       Status: New

** Description changed:

  With the latest pycadf release (2.0.0), there is a more strict
  validation on the ID fields of various CADF resources, in this case, the
  initiator is failing to validate some keystone user IDs.
  
  This only happens when multi-domains are configured. An ID for a user in
  a multi-domain setup is in fact two IDs concatenated together.
  
  The code to check for a valid ID / UUID is:
+ https://github.com/openstack/pycadf/blob/master/pycadf/identifier.py#L50-L60
  
  def is_valid(value):
-     """Validation to ensure Identifier is correct.
-     """
-     if value in ['target', 'initiator', 'observer']:
-         return True
-     try:
-         uuid.UUID(value)
-     except ValueError:
-         return False
-     else:
-         return True
+     """Validation to ensure Identifier is correct.
+     """
+     if value in ['target', 'initiator', 'observer']:
+         return True
+     try:
+         uuid.UUID(value)
+     except ValueError:
+         return False
+     else:
+         return True
  
  A typical userID in a multi domain setup is:
  c79a927caef36ade4ed36679cd084fa45df4563f94af6a956fafa936889b4faf
  
  When this is validated in pycadf, it fails:
  
  >>> import uuid
  >>> uuid.UUID("c79a927caef36ade4ed36679cd084fa45df4563f94af6a956fafa936889b4faf")
  Traceback (most recent call last):
-   File "<stdin>", line 1, in <module>
-   File "/usr/lib/python2.7/uuid.py", line 134, in __init__
-     raise ValueError('badly formed hexadecimal UUID string')
+   File "<stdin>", line 1, in <module>
+   File "/usr/lib/python2.7/uuid.py", line 134, in __init__
+     raise ValueError('badly formed hexadecimal UUID string')
  ValueError: badly formed hexadecimal UUID string
  
- 
- Options: we can revert the change to pycadf and loosen the validation of IDs, or make keystone use a different value.
+ Options: we can revert the change to pycadf and loosen the validation of
+ IDs, or make keystone use a different value.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1521844

Title:
  pycadf ID validation fails for multi-domain IDs

Status in OpenStack Identity (keystone):
  Triaged
Status in pycadf:
  New

Bug description:
  With the latest pycadf release (2.0.0), there is a more strict
  validation on the ID fields of various CADF resources, in this case,
  the initiator is failing to validate some keystone user IDs.

  This only happens when multi-domains are configured. An ID for a user
  in a multi-domain setup is in fact two IDs concatenated together.

  The code to check for a valid ID / UUID is:
  https://github.com/openstack/pycadf/blob/master/pycadf/identifier.py#L50-L60

  def is_valid(value):
      """Validation to ensure Identifier is correct.
      """
      if value in ['target', 'initiator', 'observer']:
          return True
      try:
          uuid.UUID(value)
      except ValueError:
          return False
      else:
          return True

  A typical userID in a multi domain setup is:
  c79a927caef36ade4ed36679cd084fa45df4563f94af6a956fafa936889b4faf

  When this is validated in pycadf, it fails:

  >>> import uuid
  >>> uuid.UUID("c79a927caef36ade4ed36679cd084fa45df4563f94af6a956fafa936889b4faf")
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/lib/python2.7/uuid.py", line 134, in __init__
      raise ValueError('badly formed hexadecimal UUID string')
  ValueError: badly formed hexadecimal UUID string

  Options: we can revert the change to pycadf and loosen the validation
  of IDs, or make keystone use a different value.

  This is the part of keystone that fails:
  https://github.com/openstack/keystone/blob/master/keystone/notifications.py#L504-L505

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1521844/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next