yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #62768
[Bug 1670382] Re: [ldap]/group_members_are_ids isn't a whitelisted option
Reviewed: https://review.openstack.org/442048
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=53a47b779e19d4140f059666ee19483da9ca5ea6
Submitter: Jenkins
Branch: master
commit 53a47b779e19d4140f059666ee19483da9ca5ea6
Author: Ubuntu <csravelar@xxxxxxxxx>
Date: Mon Mar 6 17:08:42 2017 +0000
Add group_members_are_ids to whitelisted options
This patch addresses a bug and adds group_members_are_ids to the
whitelist to allow for use in `keystone-manage domain_config_upload`
Change-Id: Ifa8d0d723e90be16888859bfa2b0804a0b183877
Closes-Bug: 1670382
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1670382
Title:
[ldap]/group_members_are_ids isn't a whitelisted option
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
If you're using the domain config api via `keystone-manage
domain_config_upload, it will fail because
[ldap]/group_members_are_ids isn't in the whitelisted options [0].
There doesn't seem to be valid case to not have `CONF [ldap]
group_members_are_ids` in the whitelist, as it seems like something
that could be different per domain.
[0]
https://github.com/openstack/keystone/blob/b43337413022583ca2e1c509c4fd23b384da0b2c/keystone/resource/core.py#L894-L917
Trace:
# keystone-manage domain_config_upload --all
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
2017-03-06 15:24:55.216 14676 WARNING keystone.cmd.cli [-] Deprecated: keystone-manage domain_config_upload is deprecated as of Newton in favor of setting domain config options via the API and may be removed in 'P' release.
2017-03-06 15:24:55.569 14676 INFO keystone.cmd.cli [-] Scanning '/etc/keystone/domains' for domain config files
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli [req-54e29fe9-0be4-43b4-a5d0-99d4e281596b - - - - -] Error processing config file for domain: ldap_users, file: /etc/keystone/domains/keystone.ldap_users.conf, error: Invalid domain specific configuration: Option group_members_are_ids in group ldap is not supported for domain specific configurations
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli Traceback (most recent call last):
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli File "/usr/lib/python2.7/site-packages/keystone/cmd/cli.py", line 979, in _upload_config_to_database
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli sections)
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 124, in wrapped
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli __ret_val = __f(*args, **kwargs)
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli File "/usr/lib/python2.7/site-packages/keystone/resource/core.py", line 1131, in create_config
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli self._assert_valid_config(config)
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli File "/usr/lib/python2.7/site-packages/keystone/resource/core.py", line 1021, in _assert_valid_config
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli self._assert_valid_group_and_option(group, option)
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli File "/usr/lib/python2.7/site-packages/keystone/resource/core.py", line 1057, in _assert_valid_group_and_option
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli raise exception.InvalidDomainConfig(reason=msg)
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli InvalidDomainConfig: Invalid domain specific configuration: Option group_members_are_ids in group ldap is not supported for domain specific configurations
2017-03-06 15:24:55.583 14676 ERROR keystone.cmd.cli
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1670382/+subscriptions
References
