yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1850634] [NEW] stable/queens regresion - _dn_to_id() should still be using utf8_encode/utf8_decode in queens

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Corey Bryant <corey.bryant@xxxxxxxxxxxxx>
Date: Wed, 30 Oct 2019 12:46:59 -0000
Reply-to: Bug 1850634 <1850634@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

There's a regression in the LDAP common backend code due to a recent
stable/queens backport that shouldn't have been backported past
stable/rocky.

The following patch shouldn't have been backported to stable/queens:
https://review.opendev.org/#/c/672519/

The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
https://review.opendev.org/#/c/613648/
In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.

Those changes didn't happen in stable/queens so _dn_to_id should still
be UTF-8 encoding/decoding the appropriate fields. In other words it
should still be using the following in stable/queens:

    def _dn_to_id(self, dn):
        # Check if the naming attribute in the DN is the same as keystone's
        # configured 'id' attribute'.  If so, extract the ID value from the DN
        if self.id_attr == utf8_decode(
                ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
            return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

** Affects: keystone
     Importance: Undecided
         Status: New

** Affects: keystone (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: keystone (Ubuntu Bionic)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1850634

Title:
  stable/queens regresion - _dn_to_id() should still be using
  utf8_encode/utf8_decode in queens

Status in OpenStack Identity (keystone):
  New
Status in keystone package in Ubuntu:
  Invalid
Status in keystone source package in Bionic:
  New

Bug description:
  There's a regression in the LDAP common backend code due to a recent
  stable/queens backport that shouldn't have been backported past
  stable/rocky.

  The following patch shouldn't have been backported to stable/queens:
  https://review.opendev.org/#/c/672519/

  The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
  https://review.opendev.org/#/c/613648/
  In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.

  Those changes didn't happen in stable/queens so _dn_to_id should still
  be UTF-8 encoding/decoding the appropriate fields. In other words it
  should still be using the following in stable/queens:

      def _dn_to_id(self, dn):
          # Check if the naming attribute in the DN is the same as keystone's
          # configured 'id' attribute'.  If so, extract the ID value from the DN
          if self.id_attr == utf8_decode(
                  ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
              return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1850634/+subscriptions

Follow ups

[Bug 1850634] Re: queens regresion: _dn_to_id() not using utf8_encode/decode
From: Corey Bryant, 2020-01-15
[Bug 1850634] Re: queens regresion: _dn_to_id() not using utf8_encode/decode
From: Launchpad Bug Tracker, 2020-01-15
[Bug 1850634] Re: stable/queens regresion - _dn_to_id() should still be using utf8_encode/utf8_decode in queens
From: Corey Bryant, 2019-10-30