[Bug 1819453] Re: keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType' object

Colleen Murphy colleen at gazlene.net
Thu Mar 21 16:09:27 UTC 2019 

I can't reproduce this either on Stein or Queens with devstack. Haven't
tried with Ocata yet. This is what I tried:

Create new user in LDAP backend:

$ ldapadd -x -w nomoresecret -D cn=Manager,dc=openstack,dc=org \
>         -H ldap://localhost -c -f peter.ldif.in
adding new entry "cn=peter,ou=Users,dc=openstack,dc=org"
$ openstack --os-cloud=devstack-admin user list --domain Users
+------------------------------------------------------------------+-------+
| ID                                                               | Name  |
+------------------------------------------------------------------+-------+
| eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo  |
| fbbc3741707c62db5eed4242978f09089d341df01f827b8a795731a188f166cd | peter |
+------------------------------------------------------------------+-------+

Auth with the user so that an entry gets created in the user and
nonlocal_user database:

$ openstack --os-cloud=ldap token issue
...

Delete the user from the LDAP backend:

$ ldapdelete -x -w nomoresecret -D cn=Manager,dc=openstack,dc=org \
>         -H ldap://localhost cn=peter,ou=Users,dc=openstack,dc=org

At this point from the API perspective the user is effectively gone:

$ openstack --os-cloud=devstack-admin user list --domain Users
+------------------------------------------------------------------+------+
| ID                                                               | Name |
+------------------------------------------------------------------+------+
| eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo |
+------------------------------------------------------------------+------+

Manually removed the user from the mysql database:

mysql> delete from user where id = 'fbbc3741707c62db5eed4242978f09089d341df01f827b8a795731a188f166cd';
Query OK, 1 row affected (0.01 sec)

mysql> select * from nonlocal_user;
Empty set (0.00 sec)

User list still seems okay:

$ openstack --os-cloud=devstack-admin user list --domain Users
+------------------------------------------------------------------+------+
| ID                                                               | Name |
+------------------------------------------------------------------+------+
| eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo |
+------------------------------------------------------------------+------+
$ sudo systemctl restart memcached
$ openstack --os-cloud=devstack-admin user list --domain Users
+------------------------------------------------------------------+------+
| ID                                                               | Name |
+------------------------------------------------------------------+------+
| eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo |
+------------------------------------------------------------------+------+

Two other comments:

First, in my opinion, manually editing the database table is not
supportable. Keystone's behavior after doing that is naturally
undefined.

Second, regarding this comment:

> Ultimately, I believe we have to cleanup the id_mappings table, however, I believe the invalid assumption at the line below is still worth discussion:
https://github.com/openstack/keystone/blob/stable/ocata/keystone/identity/mapping_backends/sql.py#L81

I don't think that code comment is invalid. The ID mapping is
deterministically generated from the user ID from LDAP and the domain
ID. If it's there, it means that if there was such a user with such an
ID and domain, it would have that public ID. It doesn't mean the user is
guaranteed to still exist in LDAP or the nonlocal_user table.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1819453

Title:
  keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType'
  object

Status in Ubuntu Cloud Archive:
  New
Status in Ubuntu Cloud Archive mitaka series:
  New
Status in Ubuntu Cloud Archive ocata series:
  New
Status in Ubuntu Cloud Archive pike series:
  New
Status in Ubuntu Cloud Archive queens series:
  Triaged
Status in Ubuntu Cloud Archive rocky series:
  New
Status in Ubuntu Cloud Archive stein series:
  New
Status in OpenStack Identity (keystone):
  New
Status in keystone package in Ubuntu:
  New
Status in keystone source package in Xenial:
  New
Status in keystone source package in Bionic:
  Triaged
Status in keystone source package in Cosmic:
  New
Status in keystone source package in Disco:
  New

Bug description:
  Proposed action:
  =============
  Key / value failed check error.
  Should check key exists and warn user of bad users / continue

  Bug presented by:
  =================
  openstack user list --domain customerdata
  cannot concatenate 'str' and 'NoneType' objects (HTTP 400) (Request-ID: req-cc0e225d-d033-4dfa-aff8-7311389d4f58) 

  Trace:
  ======
  (keystone.common.wsgi): 2019-03-11 12:30:47,154 ERROR cannot concatenate 'str' and 'NoneType' objects
  Traceback (most recent call last):
    File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 228, in __call__
      result = method(req, **params)
    File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 235, in wrapper
      return f(self, request, filters, **kwargs)
    File "/usr/lib/python2.7/dist-packages/keystone/identity/controllers.py", line 233, in list_users
      return UserV3.wrap_collection(request.context_dict, refs, hints=hints)
    File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 499, in wrap_collection
      cls.wrap_member(context, ref)
    File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 468, in wrap_member
      cls._add_self_referential_link(context, ref)
    File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 464, in _add_self_referential_link
      ref['links']['self'] = cls.base_url(context) + '/' + ref['id']
  TypeError: cannot concatenate 'str' and 'NoneType' objects

  
  Offending Data:
  ===============
  @ line 233 i put LOG.debug( pprint.pformat( refs ) )

  grep -b 2 "'id': None," /varlog/keystone/keystone.log

  {'domain_id': u'8ce102de5ac644288f61838f5e0f46e7',
    'email': u'customerdata at cusomter.com',
    'id': None,
  --
   {'domain_id': u'8ce102de5ac644288f61838f5e0f46e7',
    'email': u'customerdata at cusomter.com',
    'id': None,
  --
   {'domain_id': u'8ce102de5ac644288f61838f5e0f46e7',
    'email': u'customerdata at cusomter.com',
    'id': None,

  
  Platform:
  =========
  cat /etc/*-release
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=16.04
  DISTRIB_CODENAME=xenial
  DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"
  NAME="Ubuntu"
  VERSION="16.04.5 LTS (Xenial Xerus)"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Ubuntu 16.04.5 LTS"
  VERSION_ID="16.04"
  HOME_URL="http://www.ubuntu.com/"
  SUPPORT_URL="http://help.ubuntu.com/"
  BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
  VERSION_CODENAME=xenial
  UBUNTU_CODENAME=xenial

  verions:
  ========
  dpkg --list | grep keystone
  ii  keystone                         2:11.0.3-0ubuntu1~cloud0                   all          OpenStack identity service - Daemons
  ii  python-keystone                  2:11.0.3-0ubuntu1~cloud0                   all          OpenStack identity service - Python library
  ii  python-keystoneauth1             2.18.0-0ubuntu2~cloud0                     all          authentication library for OpenStack Identity - Python 2.7
  ii  python-keystoneclient            1:3.10.0-0ubuntu1~cloud0                   all          client library for the OpenStack Keystone API - Python 2.x
  ii  python-keystonemiddleware        4.14.0-0ubuntu1.2~cloud0                   all          Middleware for OpenStack Identity (Keystone) - Python 2.x

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1819453/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list