yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1850634] Re: stable/queens regresion - _dn_to_id() should still be using utf8_encode/utf8_decode in queens

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Corey Bryant <corey.bryant@xxxxxxxxxxxxx>
Date: Wed, 30 Oct 2019 13:00:31 -0000
Reply-to: Bug 1850634 <1850634@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: keystone (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: keystone (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: keystone (Ubuntu)
       Status: New => Invalid

** Changed in: keystone (Ubuntu Bionic)
       Status: New => Triaged

** Changed in: keystone (Ubuntu Bionic)
   Importance: Undecided => High

** Also affects: cloud-archive
   Importance: Undecided
       Status: New

** Also affects: cloud-archive/queens
   Importance: Undecided
       Status: New

** Changed in: cloud-archive
       Status: New => Invalid

** Changed in: cloud-archive/queens
       Status: New => Triaged

** Changed in: cloud-archive/queens
   Importance: Undecided => High

** Changed in: cloud-archive/queens
     Assignee: (unassigned) => Corey Bryant (corey.bryant)

** Changed in: keystone (Ubuntu Bionic)
     Assignee: (unassigned) => Corey Bryant (corey.bryant)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1850634

Title:
  stable/queens regresion - _dn_to_id() should still be using
  utf8_encode/utf8_decode in queens

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive queens series:
  Triaged
Status in OpenStack Identity (keystone):
  New
Status in keystone package in Ubuntu:
  Invalid
Status in keystone source package in Bionic:
  Triaged

Bug description:
  There's a regression in the LDAP common backend code due to a recent
  stable/queens backport that shouldn't have been backported past
  stable/rocky.

  The following patch shouldn't have been backported to stable/queens:
  https://review.opendev.org/#/c/672519/

  The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
  https://review.opendev.org/#/c/613648/
  In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.

  Those changes didn't happen in stable/queens so _dn_to_id should still
  be UTF-8 encoding/decoding the appropriate fields. In other words it
  should still be using the following in stable/queens:

      def _dn_to_id(self, dn):
          # Check if the naming attribute in the DN is the same as keystone's
          # configured 'id' attribute'.  If so, extract the ID value from the DN
          if self.id_attr == utf8_decode(
                  ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
              return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1850634/+subscriptions

References

[Bug 1850634] [NEW] stable/queens regresion - _dn_to_id() should still be using utf8_encode/utf8_decode in queens
From: Corey Bryant, 2019-10-30