← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #45400

[Bug 1521844] Re: pycadf ID validation fails for multi-domain IDs

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.openstack.org/252182
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=944bd0a2dca60a5b144378587a13220d33298051
Submitter: Jenkins
Branch:    master

commit 944bd0a2dca60a5b144378587a13220d33298051
Author: Ajaya Agrawal <ajku.agr@xxxxxxxxx>
Date:   Wed Jan 20 17:01:52 2016 +0000

    Ensure pycadf initiator IDs are UUID
    
    pycadf now has more strict validation for IDs, specifically, it tests to
    make sure they are UUIDs. In a multi-domain configuration this fails
    since the public ID that is generated by keystone is not an actual UUID.
    
    Change-Id: I1fd13bd7a7fe037bd0e1b7d6fb0214460ff7c963
    Closes-Bug: 1521844
    Co-Authored-By: Steve Martinelli <stevemar@xxxxxxxxxx>


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1521844

Title:
  pycadf ID validation fails for multi-domain IDs

Status in OpenStack Identity (keystone):
  Fix Released
Status in pycadf:
  Fix Released

Bug description:
  With the latest pycadf release (2.0.0), there is a more strict
  validation on the ID fields of various CADF resources, in this case,
  the initiator is failing to validate some keystone user IDs.

  This only happens when multi-domains are configured. An ID for a user
  in a multi-domain setup is in fact two IDs concatenated together.

  The code to check for a valid ID / UUID is:
  https://github.com/openstack/pycadf/blob/master/pycadf/identifier.py#L50-L60

  def is_valid(value):
      """Validation to ensure Identifier is correct.
      """
      if value in ['target', 'initiator', 'observer']:
          return True
      try:
          uuid.UUID(value)
      except ValueError:
          return False
      else:
          return True

  A typical userID in a multi domain setup is:
  c79a927caef36ade4ed36679cd084fa45df4563f94af6a956fafa936889b4faf

  When this is validated in pycadf, it fails:

  >>> import uuid
  >>> uuid.UUID("c79a927caef36ade4ed36679cd084fa45df4563f94af6a956fafa936889b4faf")
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/lib/python2.7/uuid.py", line 134, in __init__
      raise ValueError('badly formed hexadecimal UUID string')
  ValueError: badly formed hexadecimal UUID string

  Options: we can revert the change to pycadf and loosen the validation
  of IDs, or make keystone use a different value.

  This is the part of keystone that fails:
  https://github.com/openstack/keystone/blob/master/keystone/notifications.py#L504-L505

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1521844/+subscriptions

References

  Thread PreviousDate PreviousThread Next