[Bug 1655182] Re: keystone-manage mapping_engine tester problems

Edward Hope-Morley edward.hope-morley at canonical.com
Mon Jul 31 11:11:19 UTC 2017

I have verified this fix using the steps detailed in the test case and
can confirm that the fix is good:

root at juju-58b2b9-default-7:~# keystone-manage mapping_engine --rules mapping.json --input input.txt
  "group_ids": [], 
  "user": {
    "domain": {
      "id": "default"
    "type": "local", 
    "name": "abc"
  "group_names": []

You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.

  keystone-manage mapping_engine tester problems

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
Status in Ubuntu Cloud Archive newton series:
  Fix Committed
Status in OpenStack Identity (keystone):
  Fix Released
Status in keystone package in Ubuntu:
  Fix Released
Status in keystone source package in Xenial:
  Fix Committed
Status in keystone source package in Yakkety:
  Won't Fix

Bug description:

   * A bug in keystone-manage tool prohibits the use of the
  mapping_engine command for testing federation rules.

   * Users of Keystone Federation will not be able to verify their
  mapping rules before pushing these to production.

   * Not being able to test rules before pushing to production is a
  major operational challenge for our users.

   * The proposed upload fixes this by backporting a fix for this issue
  from upstream stable/ocata.

  [Test Case]

   * Deploy keystone using Juju with this bundle:

   * ssh to keystone unit, grab artifacts and run command:
     - mapping.json: http://pastebin.ubuntu.com/24855419/
     - input.txt: http://pastebin.ubuntu.com/24855420/
     - command:
     'keystone-manage mapping_engine --rules mapping.json --input input.txt'

   * Observe that command provides no output and that a Python Traceback
  is printed in /var/log/keystone/keystone.log

   * Install the proposed package, repeat the above steps and observe
  that the command now outputs its interpretation and effect of the

  [Regression Potential]

   * keystone-manage mapping_engine is a operational test tool and is
  solely used by the operator to test their rules.

   * The distributed version of this command in Xenial and Yakkety does
  currently not work at all.

   * The change will make the command work as our users expect it to.

  [Original bug description]
  There are several problems with keystone-manage mapping_engine

  * It aborts with a backtrace because of wrong number of arguments
    passed to the RuleProcessor

  * The --engine-debug option does not work.

  * Error messages related to input data are cryptic and inprecise.

To manage notifications about this bug go to:

More information about the Ubuntu-openstack-bugs mailing list