yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1401057] Re: Direct mapping in mapping rules don't work with keywords

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1401057@xxxxxxxxxxxxxxxxxx>
Date: Mon, 01 Feb 2016 17:03:55 -0000
Reply-to: Bug 1401057 <1401057@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/175980
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c8682888bc5a9661771bf1017392156562b7084d
Submitter: Jenkins
Branch:    master

commit c8682888bc5a9661771bf1017392156562b7084d
Author: Marek Denis <marek.denis@xxxxxxx>
Date:   Tue Apr 21 18:32:34 2015 +0200

    Raise more precise exception on keyword mapping errors
    
    Currently mapping rules cannot be built in a way where a remote
    keyword such as 'any_one_of' or 'not_any_of' is used for direct
    mapping ('{0}', '{1}' etc in local rules). However, there is also
    no good way of informing user of faulty mapping rules. The original
    code will raise an unhelpful IndexError.
    
    This patch:
    
    - introduces new exception class (resulting in HTTP 500 error code)
    - changes the logic of mapping rules evaluation, that new exception
      class is being raised under appropriate circumstances.
    
    Change-Id: I0f9e7a6949ff8bfbd147e2d3cac59fd5197934f1
    Closes-Bug: #1401057


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1401057

Title:
  Direct mapping in mapping rules don't work with keywords

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Federation mapping engine doesn't work correctly when a rule to be directly mapped has special keywords (any_one_of or not_any_of). 
  For instance: 

  rules = [  
  {
      "local": [
          {
              "user": {
                  "name": "{0}"
              }
          },
          {
              "group": {
                  "id": "abc"
              }
          }
      ],
      "remote": [
          {
              "type": "openstack_user",
              "any_one_of": [
                  "user1",
                  "admin"
              ]
          }
      ]
  }
  ]

  user['name'] will not map "openstack_user" value as a keyword
  "any_one_of" is present in that remote rule. No validation error will
  be raised and direct value "{0}" will be used.

  Mapping engine should validate such cases and preferably allow for
  direct mapping.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1401057/+subscriptions

References

[Bug 1401057] [NEW] Direct mapping in mapping rules don't work with keywords
From: Marek Denis, 2014-12-10