[Bug 1850634] Re: stable/queens regresion - _dn_to_id() should still be using utf8_encode/utf8_decode in queens

Corey Bryant corey.bryant at canonical.com
Wed Oct 30 13:10:50 UTC 2019 

** Description changed:

+ [Impact]
+ 
  There's a regression in the LDAP common backend code due to a recent
  stable/queens backport that shouldn't have been backported past
- stable/rocky.
+ stable/rocky. It was backported as part of the fixes for
+ https://bugs.launchpad.net/bugs/1782922.
  
  The following patch shouldn't have been backported to stable/queens:
  https://review.opendev.org/#/c/672519/
  
  The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
  https://review.opendev.org/#/c/613648/
  In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.
  
  Those changes didn't happen in stable/queens so _dn_to_id should still
  be UTF-8 encoding/decoding the appropriate fields. In other words it
  should still be using the following in stable/queens:
  
-     def _dn_to_id(self, dn):
-         # Check if the naming attribute in the DN is the same as keystone's
-         # configured 'id' attribute'.  If so, extract the ID value from the DN
          if self.id_attr == utf8_decode(
                  ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
              return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])
+ 
+ [Test Case]
+ See test case in https://bugs.launchpad.net/bugs/1782922.
+ 
+ [Regression Potential]
+ The code that will be fixed for this bug (ie. the code in the if statement) is being reverted to what it used to be prior to the bug fix for https://bugs.launchpad.net/bugs/1782922. Prior to 1782922, _dn_to_id() used to only consist of the code that is in the if statment, so the regression potential is very low. Code will be tested to minimize regression potential and patch has been submitted upstream.

** Summary changed:

- stable/queens regresion - _dn_to_id() should still be using utf8_encode/utf8_decode in queens
+ queens regresion - _dn_to_id() not using utf8_encode/utf8_decode

** Summary changed:

- queens regresion - _dn_to_id() not using utf8_encode/utf8_decode
+ queens regresion: _dn_to_id() not using utf8_encode/utf8_decode

** Summary changed:

- queens regresion: _dn_to_id() not using utf8_encode/utf8_decode
+ queens regresion: _dn_to_id() not using utf8_encode/decode

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1850634

Title:
  queens regresion: _dn_to_id() not using utf8_encode/decode

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive queens series:
  Triaged
Status in OpenStack Identity (keystone):
  New
Status in keystone package in Ubuntu:
  Invalid
Status in keystone source package in Bionic:
  Triaged

Bug description:
  [Impact]

  There's a regression in the LDAP common backend code due to a recent
  stable/queens backport that shouldn't have been backported past
  stable/rocky. It was backported as part of the fixes for
  https://bugs.launchpad.net/bugs/1782922.

  The following patch shouldn't have been backported to stable/queens:
  https://review.opendev.org/#/c/672519/

  The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
  https://review.opendev.org/#/c/613648/
  In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.

  Those changes didn't happen in stable/queens so _dn_to_id should still
  be UTF-8 encoding/decoding the appropriate fields. In other words it
  should still be using the following in stable/queens:

          if self.id_attr == utf8_decode(
                  ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
              return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

  [Test Case]
  See test case in https://bugs.launchpad.net/bugs/1782922.

  [Regression Potential]
  The code that will be fixed for this bug (ie. the code in the if statement) is being reverted to what it used to be prior to the bug fix for https://bugs.launchpad.net/bugs/1782922. Prior to 1782922, _dn_to_id() used to only consist of the code that is in the if statment, so the regression potential is very low. Code will be tested to minimize regression potential and patch has been submitted upstream.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1850634/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list