yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #66348
[Bug 1704205] Re: GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error
Reviewed: https://review.openstack.org/485302
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bb2b215b539b56c01e9a0c7acd9fd62ed1529ebc
Submitter: Jenkins
Branch: master
commit bb2b215b539b56c01e9a0c7acd9fd62ed1529ebc
Author: prashkre <prashkre@xxxxxxxxxx>
Date: Wed Jul 19 23:37:02 2017 +0530
Filter users and groups in ldap
All users and groups are required to have a name. Prior to this fix,
Keystone was not properly enforcing this for LDAP users and groups.
Keystone will now ignore users and groups that do not have a value for
the LDAP attribute which Keystone has been configured to use for that
entity's name.
Closes-Bug: #1704205
Change-Id: I424813785b7a355514ef42f1e4c6384b8a78b256
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1704205
Title:
GET /v3/role_assignments?effective&include_names API fails with
unexpected 500 error
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
In an environment like ldap server as identity backend, where a group
has role assignment but some users in group doesn't have "name"
attribute configured in ldap. So while fetching effective role
assignments with include_names, it is failing in below stack trace
error.
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi Traceback (most recent call last):
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi result = method(req, **params)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 999, in list_role_assignments_wrapper
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self.list_role_assignments(request)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 956, in list_role_assignments
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self._list_role_assignments(request, filters)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 945, in _list_role_assignments
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi include_names=include_names)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 948, in list_role_assignments
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self._get_names_from_role_assignments(role_assignments)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 974, in _get_names_from_role_assignments
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi new_assign['user_name'] = _user['name']
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi KeyError: 'name'
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1704205/+subscriptions
References
