[Bug 1819453] Re: keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType' object
Colleen Murphy
colleen at gazlene.net
Thu Mar 21 16:09:27 UTC 2019
I can't reproduce this either on Stein or Queens with devstack. Haven't
tried with Ocata yet. This is what I tried:
Create new user in LDAP backend:
$ ldapadd -x -w nomoresecret -D cn=Manager,dc=openstack,dc=org \
> -H ldap://localhost -c -f peter.ldif.in
adding new entry "cn=peter,ou=Users,dc=openstack,dc=org"
$ openstack --os-cloud=devstack-admin user list --domain Users
+------------------------------------------------------------------+-------+
| ID | Name |
+------------------------------------------------------------------+-------+
| eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo |
| fbbc3741707c62db5eed4242978f09089d341df01f827b8a795731a188f166cd | peter |
+------------------------------------------------------------------+-------+
Auth with the user so that an entry gets created in the user and
nonlocal_user database:
$ openstack --os-cloud=ldap token issue
...
Delete the user from the LDAP backend:
$ ldapdelete -x -w nomoresecret -D cn=Manager,dc=openstack,dc=org \
> -H ldap://localhost cn=peter,ou=Users,dc=openstack,dc=org
At this point from the API perspective the user is effectively gone:
$ openstack --os-cloud=devstack-admin user list --domain Users
+------------------------------------------------------------------+------+
| ID | Name |
+------------------------------------------------------------------+------+
| eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo |
+------------------------------------------------------------------+------+
Manually removed the user from the mysql database:
mysql> delete from user where id = 'fbbc3741707c62db5eed4242978f09089d341df01f827b8a795731a188f166cd';
Query OK, 1 row affected (0.01 sec)
mysql> select * from nonlocal_user;
Empty set (0.00 sec)
User list still seems okay:
$ openstack --os-cloud=devstack-admin user list --domain Users
+------------------------------------------------------------------+------+
| ID | Name |
+------------------------------------------------------------------+------+
| eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo |
+------------------------------------------------------------------+------+
$ sudo systemctl restart memcached
$ openstack --os-cloud=devstack-admin user list --domain Users
+------------------------------------------------------------------+------+
| ID | Name |
+------------------------------------------------------------------+------+
| eb55ea06af4ba6f1b7b90f4746f5c2d3e570a44a23829e9b581fe32d482bf697 | demo |
+------------------------------------------------------------------+------+
Two other comments:

First, in my opinion, manually editing the database table is not
supportable. Keystone's behavior after doing that is naturally
undefined.

Second, regarding this comment:

> Ultimately, I believe we have to cleanup the id_mappings table, however, I believe the invalid assumption at the line below is still worth discussion:
https://github.com/openstack/keystone/blob/stable/ocata/keystone/identity/mapping_backends/sql.py#L81

I don't think that code comment is invalid. The ID mapping is
deterministically generated from the user ID from LDAP and the domain
ID. If it's there, it means that if there was such a user with such an
ID and domain, it would have that public ID. It doesn't mean the user is
guaranteed to still exist in LDAP or the nonlocal_user table.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1819453
Title:
keystone-ldap TypeError: cannot concatenate 'str' and 'NoneType'
object
Status in Ubuntu Cloud Archive:
New
Status in Ubuntu Cloud Archive mitaka series:
New
Status in Ubuntu Cloud Archive ocata series:
New
Status in Ubuntu Cloud Archive pike series:
New
Status in Ubuntu Cloud Archive queens series:
Triaged
Status in Ubuntu Cloud Archive rocky series:
New
Status in Ubuntu Cloud Archive stein series:
New
Status in OpenStack Identity (keystone):
New
Status in keystone package in Ubuntu:
New
Status in keystone source package in Xenial:
New
Status in keystone source package in Bionic:
Triaged
Status in keystone source package in Cosmic:
New
Status in keystone source package in Disco:
New
Bug description:
Proposed action:
=============
Key / value failed check error.
Should check key exists and warn user of bad users / continue
Bug presented by:
=================
openstack user list --domain customerdata
cannot concatenate 'str' and 'NoneType' objects (HTTP 400) (Request-ID: req-cc0e225d-d033-4dfa-aff8-7311389d4f58)
Trace:
======
(keystone.common.wsgi): 2019-03-11 12:30:47,154 ERROR cannot concatenate 'str' and 'NoneType' objects
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 228, in __call__
result = method(req, **params)
File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 235, in wrapper
return f(self, request, filters, **kwargs)
File "/usr/lib/python2.7/dist-packages/keystone/identity/controllers.py", line 233, in list_users
return UserV3.wrap_collection(request.context_dict, refs, hints=hints)
File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 499, in wrap_collection
cls.wrap_member(context, ref)
File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 468, in wrap_member
cls._add_self_referential_link(context, ref)
File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 464, in _add_self_referential_link
ref['links']['self'] = cls.base_url(context) + '/' + ref['id']
TypeError: cannot concatenate 'str' and 'NoneType' objects
Offending Data:
===============
@ line 233 I put LOG.debug( pprint.pformat( refs ) )
grep -B 2 "'id': None," /var/log/keystone/keystone.log
{'domain_id': u'8ce102de5ac644288f61838f5e0f46e7',
'email': u'customerdata at cusomter.com',
'id': None,
--
{'domain_id': u'8ce102de5ac644288f61838f5e0f46e7',
'email': u'customerdata at cusomter.com',
'id': None,
--
{'domain_id': u'8ce102de5ac644288f61838f5e0f46e7',
'email': u'customerdata at cusomter.com',
'id': None,
Platform:
=========
cat /etc/*-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"
NAME="Ubuntu"
VERSION="16.04.5 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.5 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
Versions:
========
dpkg --list | grep keystone
ii keystone 2:11.0.3-0ubuntu1~cloud0 all OpenStack identity service - Daemons
ii python-keystone 2:11.0.3-0ubuntu1~cloud0 all OpenStack identity service - Python library
ii python-keystoneauth1 2.18.0-0ubuntu2~cloud0 all authentication library for OpenStack Identity - Python 2.7
ii python-keystoneclient 1:3.10.0-0ubuntu1~cloud0 all client library for the OpenStack Keystone API - Python 2.x
ii python-keystonemiddleware 4.14.0-0ubuntu1.2~cloud0 all Middleware for OpenStack Identity (Keystone) - Python 2.x
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1819453/+subscriptions
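An added example, not part of the original message or of keystone's code: it sketches why a deterministically derived public ID says nothing about whether the user still exists, and the "check the key, warn, continue" handling the bug description proposes for the failing self-link line. The SHA-256 scheme, the function names, the base URL and the sample refs are assumptions made for illustration.

```python
import hashlib
import logging

LOG = logging.getLogger("id_mapping_example")


def public_id(domain_id, local_id, entity_type="user"):
    """Derive a public ID from the mapping fields alone (no backend lookup).

    Assumption: SHA-256 over the mapping values in sorted-key order.
    """
    mapping = {"domain_id": domain_id, "entity_type": entity_type,
               "local_id": local_id}
    digest = hashlib.sha256()
    for key in sorted(mapping):
        digest.update(mapping[key].encode("utf-8"))
    return digest.hexdigest()


def wrap_collection(base_url, refs):
    """Add a self link to each ref; skip and log refs whose 'id' is missing.

    Hypothetical helper: returns (wrapped, skipped) so the caller can report
    bad entries instead of failing the whole listing with a TypeError.
    """
    wrapped, skipped = [], []
    for ref in refs:
        if not ref.get("id"):
            LOG.warning("user ref without id in domain %s; skipping",
                        ref.get("domain_id"))
            skipped.append(ref)
            continue
        wrapped.append(dict(ref, links={"self": base_url + "/" + ref["id"]}))
    return wrapped, skipped


def demo():
    domain = "8ce102de5ac644288f61838f5e0f46e7"   # domain_id from the report
    base = "http://keystone.example/v3/users"     # constructed URL
    refs = [  # constructed refs: one healthy, one shaped like the bad data
        {"domain_id": domain, "id": public_id(domain, "demo"), "name": "demo"},
        {"domain_id": domain, "id": None, "name": "stale-entry"},
    ]
    return wrap_collection(base, refs)


if __name__ == "__main__":
    ok, bad = demo()
    print(len(ok), "listed,", len(bad), "skipped")
```

Because `public_id` never consults LDAP or the database, the same ID can be recomputed for a user that has since been deleted, which is the distinction drawn in the reply above.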