[Bug 1850634] Re: queens regresion: _dn_to_id() not using utf8_encode/decode
Felipe Reyes
1850634 at bugs.launchpad.net
Mon Jan 13 20:24:21 UTC 2020
I went through the test case using the package available in -proposed
and everything worked fine, no regressions were detected when using
keystone neither.
Here it's the journal of my testing.
$ time tox -e func-smoke
func-smoke installed: DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support,amulet==1.21.0,aodhclient==1.5.0,appdirs==1.4.3,Babel==2.8.0,backports.os==0.1.1,blessings==1.6,bundletester==0.12.2,certifi==2019.11.28,cffi==1.13.2,chardet==3.0.4,charm-tools==2.7.2,charmhelpers==0.20.7,Cheetah3==3.2.4,cliff==2.18.0,cmd2==0.8.9,colander==1.7.0,configparser==4.0.2,contextlib2==0.6.0.post1,coverage==5.0.3,cryptography==2.8,debtcollector==1.22.0,decorator==4.4.1,dict2colander==0.2,distro==1.4.0,distro-info==0.0.0,dogpile.cache==0.9.0,entrypoints==0.3,enum34==1.1.6,extras==1.0.0,fasteners==0.15,fixtures==3.0.0,flake8==2.4.1,funcsigs==1.0.2,functools32==3.2.3.post2,future==0.18.2,futures==3.3.0,futurist==1.10.0,gnocchiclient==3.1.1,httplib2==0.15.0,idna==2.8,importlib-metadata==1.4.0,ipaddress==1.0.23,iso8601==0.1.12,Jinja2==2.10.3,jmespath==0.9.4,jsonpatch==1.24,jsonpointer==2.0,jsonschema==2.5.1,juju-deployer==0.11.0,juju-wait==2.5.0,jujubundlelib==0.5.6,jujuclient==0.54.0,keyring==18.0.1,keystoneauth1==3.18.0,launchpadlib==1.10.9,lazr.authentication==0.1.3,lazr.restfulclient==0.14.2,lazr.uri==1.0.3,libcharmstore==0.0.9,linecache2==1.0.0,macaroonbakery==1.2.3,MarkupSafe==1.1.1,mccabe==0.3.1,mock==3.0.5,monotonic==1.5,more-itertools==5.0.0,msgpack==0.6.2,munch==2.5.0,netaddr==0.7.19,netifaces==0.10.9,nose==1.3.7,oauth==1.0.1,oauthlib==3.1.0,openstacksdk==0.39.0,os-client-config==2.0.0,os-service-types==1.7.0,osc-lib==1.15.0,oslo.concurrency==3.31.0,oslo.config==7.0.0,oslo.context==2.23.0,oslo.i18n==3.25.1,oslo.log==3.45.2,oslo.serialization==2.29.2,oslo.utils==3.42.1,osprofiler==2.9.0,otherstuf==1.1.0,parse==1.14.0,path.py==11.5.2,pathlib2==2.3.5,pathspec==0.3.4,pbr==5.4.4,pep8==1.7.1,pika==0.13.1,pkg-resources==0.0.0,prettytable==0.7.2,protobuf==3.11.2,pycparser==2.19,pyflakes==0.8.1,pyinotify==0.9.6,pymacaroons==0.13.0,PyNaCl==1.3.0,pyOpenSSL==19.1.0,pyparsing==2.4.6,pyperclip==1.7.0,pyRFC3339==1.1,python-barbicanclient==4.9.0,python-ceilometerclient==2.9.0,python-cinderclient==4.3.0,python-dateutil==2.8.1,python-designateclient==3.0.0,python-glanceclient==2.17.0,python-heatclient==1.18.0,python-keystoneclient==3.22.0,python-manilaclient==1.29.0,python-mimeparse==1.6.0,python-neutronclient==6.14.0,python-novaclient==16.0.0,python-openstackclient==4.0.0,python-subunit==1.3.0,python-swiftclient==3.8.1,pytz==2019.3,pyudev==0.21.0,PyYAML==3.13,requests==2.22.0,requestsexceptions==1.4.0,rfc3986==1.3.2,ruamel.ordereddict==0.4.14,ruamel.yaml==0.15.100,scandir==1.10.0,SecretStorage==2.3.1,simplejson==3.17.0,six==1.13.0,stestr==2.6.0,stevedore==1.31.0,stuf==0.9.16,subprocess32==3.5.4,Tempita==0.5.2,testresources==2.0.1,testtools==2.3.0,theblues==0.5.2,traceback2==1.4.0,translationstring==1.3,unicodecsv==0.14.1,unittest2==1.1.0,urllib3==1.25.7,vergit==1.0.2,virtualenv==16.7.9,voluptuous==0.11.7,wadllib==1.3.3,warlock==1.3.3,wcwidth==0.1.8,WebOb==1.8.5,websocket-client==0.40.0,wrapt==1.11.2,wsgi-intercept==1.9.1,zipp==0.6.0,zope.interface==4.7.1
func-smoke run-test-pre: PYTHONHASHSEED='0'
func-smoke runtests: commands[0] | bundletester -vl DEBUG -r json -o func-results.json gate-basic-bionic-queens --no-destroy
DEBUG:bundletester.utils:Updating JUJU_MODEL: "" -> "stsstack-stsstack:admin/lp1850634"
DEBUG:root:Bootstrap environment: stsstack-stsstack:admin/lp1850634
DEBUG:deployer.env:Connecting to stsstack-stsstack:admin/lp1850634...
DEBUG:jujuclient.connector:Connecting to wss://10.5.0.14:17070/model/8a5aca16-9818-419d-8c01-0839c05d5897/api
DEBUG:deployer.env:Connected.
DEBUG:deployer.env: Destroying application keystone-ldap
DEBUG:deployer.env: Destroying application keystone
DEBUG:deployer.env: Destroying application ldap-server
DEBUG:deployer.env: Destroying application percona-cluster
DEBUG:deployer.env: No unit errors found.
DEBUG:deployer.env: Terminating machines forcefully
DEBUG:deployer.env: Terminating machine 0
DEBUG:deployer.env: Terminating machine 1
DEBUG:deployer.env: Terminating machine 2
INFO:deployer.env: Waiting for machine termination
DEBUG:jujuclient.connector:Connecting to wss://10.5.0.14:17070/model/8a5aca16-9818-419d-8c01-0839c05d5897/api
DEBUG:root:Waiting for applications to be removed...
DEBUG:root: Remaining applications: [u'percona-cluster']
DEBUG:runner:call ['/home/freyes/Projects/charms/openstack/builds/keystone-ldap/.tox/func-smoke/bin/charm-proof'] (cwd: /tmp/bundletester-ogQiBL/keystone-ldap)
DEBUG:runner:I: `display-name` not provided, add for custom naming in the UI
DEBUG:runner:I: config.yaml: option ssl_key has no default value
DEBUG:runner:I: config.yaml: option ssl_cert has no default value
DEBUG:runner:I: config.yaml: option ldap-user has no default value
DEBUG:runner:I: config.yaml: option ldap-server has no default value
DEBUG:runner:I: config.yaml: option ssl_ca has no default value
DEBUG:runner:I: config.yaml: option ldap-password has no default value
DEBUG:runner:I: config.yaml: option domain-name has no default value
DEBUG:runner:I: config.yaml: option ldap-suffix has no default value
DEBUG:runner:I: config.yaml: option ldap-config-flags has no default value
DEBUG:runner:I: config.yaml: option tls-ca-ldap has no default value
DEBUG:runner:Exit Code: 0
DEBUG:deployer.env: Terminating machines forcefully
INFO:deployer.env: Waiting for machine termination
DEBUG:jujuclient.connector:Connecting to wss://10.5.0.14:17070/model/8a5aca16-9818-419d-8c01-0839c05d5897/api
DEBUG:root:Waiting for applications to be removed...
DEBUG:runner:call ['/tmp/bundletester-ogQiBL/keystone-ldap/tests/gate-basic-bionic-queens'] (cwd: /tmp/bundletester-ogQiBL/keystone-ldap)
DEBUG:runner:2020-01-13 12:35:09,309 __init__ INFO: OpenStackAmuletDeployment: init
DEBUG:runner:2020-01-13 12:35:09,309 _add_services INFO: OpenStackAmuletDeployment: adding services
DEBUG:runner:2020-01-13 12:35:09,309 _determine_branch_locations INFO: OpenStackAmuletDeployment: determine branch locations
DEBUG:runner:2020-01-13 12:35:12 Starting deployment of stsstack-stsstack:admin/lp1850634
DEBUG:runner:2020-01-13 12:35:14 Deploying applications...
DEBUG:runner:2020-01-13 12:35:14 Deploying application keystone using cs:~openstack-charmers-next/keystone-472
DEBUG:runner:2020-01-13 12:35:22 Deploying application keystone-ldap using /tmp/charm8Ghyrt/bionic/keystone-ldap
DEBUG:runner:2020-01-13 12:36:12 Deploying application ldap-server using /tmp/charmXCNist/bionic/charm-ldap-test-fixture
DEBUG:runner:2020-01-13 12:36:20 Deploying application percona-cluster using cs:~openstack-charmers-next/percona-cluster-358
DEBUG:runner:2020-01-13 12:36:32 Config specifies num units for subordinate: keystone-ldap
DEBUG:runner:2020-01-13 13:09:00 Adding relations...
DEBUG:runner:2020-01-13 13:09:00 Adding relation keystone:shared-db <-> percona-cluster:shared-db
DEBUG:runner:2020-01-13 13:09:10 Adding relation keystone:domain-backend <-> keystone-ldap:domain-backend
DEBUG:runner:2020-01-13 13:14:42 Deployment complete in 2370.27 seconds
...
~ $ juju ssh keystone/1 sudo su -
root at juju-5d5897-lp1850634-3:~# vim /etc/keystone/domains/keystone.userdomain.conf
root at juju-5d5897-lp1850634-3:~# cat /etc/keystone/domains/keystone.userdomain.conf
[ldap]
url = ldap://10.5.0.10
user = cn=admin,dc=test,dc=com
password = crapper
suffix = dc=test,dc=com
user_allow_create = False
user_allow_update = False
user_allow_delete = False
group_allow_create = False
group_allow_update = False
group_allow_delete = False
# Upstream release note for more context:
# Fixed the problem where Keystone indiscriminately return the first RDN
# as the user ID, regardless whether it matches the configured
# 'user_id_attribute' or not. This will break deployments where
# 'group_members_are_ids' are set to False and 'user_id_attribute' is not
# in the DN. This patch will perform a lookup by DN if the first RND does
# not match the configured 'user_id_attribute'.
###### Test scenario 1 (exercises else path in _dn_to_id) ######
# Prior to bug 1782922 fix, 'openstack user list --group cloud --domain userdomain'
# returns nothing.
# After bug 1782922 fix, 'openstack user list --group cloud --domain userdomain'
# returns users. _dn_to_id() takes new else path, where 'ID' attribute is not in
# the DN, and LDAP search is performed to look it up from the user entry itself.
group_id_attribute = businessCategory
group_name_attribute = businessCategory
group_member_attribute = member
group_members_are_ids = False
group_objectclass = groupOfNames
group_tree_dn = ou=groups,dc=test,dc=com
#user_id_attribute = uidNumber
user_objectclass = inetOrgPerson
user_tree_dn = ou=users,dc=test,dc=com
###### Test scenario 2 (exercises if path in _dn_to_id) ######
# Configuration is same as above except user_id_attribute not specified.
# User supplied configuration flags
[identity]
driver = ldap
~ $ juju config keystone debug
false ~ $ juju config keystone debug=true
~ $ juju status
Model Controller Cloud/Region Version SLA Timestamp
lp1850634 stsstack-stsstack stsstack/stsstack 2.7-rc6 unsupported 16:20:57-03:00
App Version Status Scale Charm Store Rev OS Notes
keystone 13.0.2 active 1 keystone jujucharms 472 ubuntu
keystone-ldap 13.0.2 active 1 keystone-ldap local 1 ubuntu
ldap-server active 1 ldap-test-fixture local 1 ubuntu
percona-cluster 5.7.20 active 1 percona-cluster jujucharms 358 ubuntu
Unit Workload Agent Machine Public address Ports Message
keystone/1* active executing 3 10.5.0.20 5000/tcp (config-changed) Unit is ready
keystone-ldap/1* active idle 10.5.0.20 Unit is ready
ldap-server/1* active idle 4 10.5.0.10 Unit is ready
percona-cluster/1* active idle 5 10.5.0.26 3306/tcp Unit is ready
Machine State DNS Inst id Series AZ Message
3 started 10.5.0.20 9d85293c-b2db-4f99-b467-4f0665a0c8d7 bionic nova ACTIVE
4 started 10.5.0.10 1c376cce-4ce7-4612-b941-4fdfd9d717c5 bionic nova ACTIVE
5 started 10.5.0.26 a4ebf466-a708-497b-a5ac-cf7806e37fc6 bionic nova ACTIVE
~ $ juju status
Model Controller Cloud/Region Version SLA Timestamp
lp1850634 stsstack-stsstack stsstack/stsstack 2.7-rc6 unsupported 16:21:21-03:00
App Version Status Scale Charm Store Rev OS Notes
keystone 13.0.2 maintenance 1 keystone jujucharms 472 ubuntu
keystone-ldap 13.0.2 active 1 keystone-ldap local 1 ubuntu
ldap-server active 1 ldap-test-fixture local 1 ubuntu
percona-cluster 5.7.20 active 1 percona-cluster jujucharms 358 ubuntu
Unit Workload Agent Machine Public address Ports Message
keystone/1* maintenance executing 3 10.5.0.20 5000/tcp (config-changed) Updating NRPE configuration
keystone-ldap/1* active idle 10.5.0.20 Unit is ready
ldap-server/1* active idle 4 10.5.0.10 Unit is ready
percona-cluster/1* active idle 5 10.5.0.26 3306/tcp Unit is ready
Machine State DNS Inst id Series AZ Message
3 started 10.5.0.20 9d85293c-b2db-4f99-b467-4f0665a0c8d7 bionic nova ACTIVE
4 started 10.5.0.10 1c376cce-4ce7-4612-b941-4fdfd9d717c5 bionic nova ACTIVE
5 started 10.5.0.26 a4ebf466-a708-497b-a5ac-cf7806e37fc6 bionic nova ACTIVE
~ $ juju status
Model Controller Cloud/Region Version SLA Timestamp
lp1850634 stsstack-stsstack stsstack/stsstack 2.7-rc6 unsupported 16:29:33-03:00
App Version Status Scale Charm Store Rev OS Notes
keystone 13.0.2 active 1 keystone jujucharms 472 ubuntu
keystone-ldap 13.0.2 active 1 keystone-ldap local 1 ubuntu
ldap-server active 1 ldap-test-fixture local 1 ubuntu
percona-cluster 5.7.20 active 1 percona-cluster jujucharms 358 ubuntu
Unit Workload Agent Machine Public address Ports Message
keystone/1* active idle 3 10.5.0.20 5000/tcp Unit is ready
keystone-ldap/1* active idle 10.5.0.20 Unit is ready
ldap-server/1* active idle 4 10.5.0.10 Unit is ready
percona-cluster/1* active idle 5 10.5.0.26 3306/tcp Unit is ready
Machine State DNS Inst id Series AZ Message
3 started 10.5.0.20 9d85293c-b2db-4f99-b467-4f0665a0c8d7 bionic nova ACTIVE
4 started 10.5.0.10 1c376cce-4ce7-4612-b941-4fdfd9d717c5 bionic nova ACTIVE
5 started 10.5.0.26 a4ebf466-a708-497b-a5ac-cf7806e37fc6 bionic nova ACTIVE
root at juju-5d5897-lp1850634-3:/var/log/keystone# tail -f keystone.log
warnings.warn(msg)
(keystone.common.wsgi): 2020-01-13 20:01:44,018 WARNING Could not find domain: userdomain.
(keystone.common.wsgi): 2020-01-13 20:01:44,417 WARNING Could not find group: cloud.
(py.warnings): 2020-01-13 20:01:44,610 WARNING /usr/lib/python2.7/dist-packages/oslo_policy/policy.py:865: UserWarning: Policy identity:list_groups failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
(py.warnings): 2020-01-13 20:01:44,851 WARNING /usr/lib/python2.7/dist-packages/oslo_policy/policy.py:865: UserWarning: Policy identity:list_users_in_group failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
(keystone.common.wsgi): 2020-01-13 20:02:16,966 WARNING Could not find domain: userdomain.
(py.warnings): 2020-01-13 20:02:17,158 WARNING /usr/lib/python2.7/dist-packages/oslo_policy/policy.py:865: UserWarning: Policy identity:list_domains failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
(keystone.common.wsgi): 2020-01-13 20:02:17,363 WARNING Could not find domain: userdomain.
(keystone.common.wsgi): 2020-01-13 20:02:17,769 WARNING Could not find group: cloud.
(py.warnings): 2020-01-13 20:02:17,953 WARNING /usr/lib/python2.7/dist-packages/oslo_policy/policy.py:865: UserWarning: Policy identity:list_groups failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
(py.warnings): 2020-01-13 20:02:18,157 WARNING /usr/lib/python2.7/dist-packages/oslo_policy/policy.py:865: UserWarning: Policy identity:list_users_in_group failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
(keystone.common.wsgi): 2020-01-13 20:02:24,974 WARNING Could not find domain: userdomain.
(py.warnings): 2020-01-13 20:02:25,456 WARNING /usr/lib/python2.7/dist-packages/oslo_policy/policy.py:865: UserWarning: Policy identity:list_users failed scope check. The token used to make the request was project scoped but the policy requires ['system'] scope. This behavior may change in the future where using the intended scope is required
warnings.warn(msg)
(keystone.common.wsgi): 2020-01-13 20:02:27,632 WARNING Could not find domain: userdomain.
(keystone.common.wsgi): 2020-01-13 20:02:31,875 WARNING Could not find domain: userdomain.
(keystone.common.wsgi): 2020-01-13 20:02:32,268 WARNING Could not find domain: userdomain.
(keystone.common.wsgi): 2020-01-13 20:02:32,650 WARNING Could not find group: cloud.
^C
root at juju-5d5897-lp1850634-3:/var/log/keystone# vim /etc/apt/sources.list
root at juju-5d5897-lp1850634-3:/var/log/keystone# apt-get update
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Hit:2 http://nova.clouds.archive.ubuntu.com/ubuntu bionic InRelease
Get:3 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed InRelease [242 kB]
Get:4 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [606 kB]
Get:5 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:6 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:7 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages [71.8 kB]
Get:8 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main Translation-en [33.3 kB]
Get:9 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/universe amd64 Packages [48.6 kB]
Get:10 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/universe Translation-en [25.0 kB]
Get:11 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/multiverse amd64 Packages [1316 B]
Get:12 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/multiverse Translation-en [568 B]
Get:13 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [830 kB]
Get:14 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1036 kB]
Fetched 3146 kB in 1s (2156 kB/s)
Reading package lists... Done
root at juju-5d5897-lp1850634-3:/var/log/keystone# apt policy keystone
keystone:
Installed: 2:13.0.2-0ubuntu1
Candidate: 2:13.0.2-0ubuntu3
Version table:
2:13.0.2-0ubuntu3 500
500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages
*** 2:13.0.2-0ubuntu1 500
500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
100 /var/lib/dpkg/status
2:13.0.0-0ubuntu1 500
500 http://nova.clouds.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
root at juju-5d5897-lp1850634-3:/var/log/keystone# apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
grub-pc-bin libdumbnet1
Use 'apt autoremove' to remove them.
The following packages will be upgraded:
apport cpp-7 g++-7 gcc-7 gcc-7-base gcc-8-base keystone libasan4 libatomic1 libcc1-0 libcilkrts5 libdrm-common libdrm2 libgcc-7-dev libgcc1 libgcrypt20 libglib2.0-0 libglib2.0-data libgomp1 libitm1 liblsan0 libmpx2 libquadmath0
libstdc++-7-dev libstdc++6 libtsan0 libubsan0 login mdadm open-iscsi passwd python-keystone python3-apport python3-problem-report rsyslog uidmap
36 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 38.1 MB of archives.
After this operation, 4403 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 login amd64 1:4.5-1ubuntu2.1 [307 kB]
Get:2 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 open-iscsi amd64 2.0.874-5ubuntu2.9 [280 kB]
Get:3 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libtsan0 amd64 8.3.0-26ubuntu1~18.04 [288 kB]
Get:4 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 gcc-8-base amd64 8.3.0-26ubuntu1~18.04 [18.3 kB]
Get:5 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libstdc++6 amd64 8.3.0-26ubuntu1~18.04 [400 kB]
Get:6 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libquadmath0 amd64 8.3.0-26ubuntu1~18.04 [134 kB]
Get:7 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libmpx2 amd64 8.3.0-26ubuntu1~18.04 [11.6 kB]
Get:8 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 liblsan0 amd64 8.3.0-26ubuntu1~18.04 [133 kB]
Get:9 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libitm1 amd64 8.3.0-26ubuntu1~18.04 [27.9 kB]
Get:10 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libgomp1 amd64 8.3.0-26ubuntu1~18.04 [76.5 kB]
Get:11 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libcc1-0 amd64 8.3.0-26ubuntu1~18.04 [39.4 kB]
Get:12 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libatomic1 amd64 8.3.0-26ubuntu1~18.04 [9192 B]
Get:13 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libgcc1 amd64 1:8.3.0-26ubuntu1~18.04 [40.7 kB]
Get:14 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libgcrypt20 amd64 1.8.1-4ubuntu1.2 [417 kB]
Get:15 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 passwd amd64 1:4.5-1ubuntu2.1 [819 kB]
Get:16 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libglib2.0-0 amd64 2.56.4-0ubuntu0.18.04.5 [1170 kB]
Get:17 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libglib2.0-data all 2.56.4-0ubuntu0.18.04.5 [4692 B]
Get:18 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 rsyslog amd64 8.32.0-1ubuntu4.1 [412 kB]
Get:19 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libdrm-common all 2.4.99-1ubuntu1~18.04.1 [5264 B]
Get:20 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libdrm2 amd64 2.4.99-1ubuntu1~18.04.1 [31.7 kB]
Get:21 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 python3-problem-report all 2.20.9-0ubuntu7.10 [10.6 kB]
Get:22 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 python3-apport all 2.20.9-0ubuntu7.10 [81.8 kB]
Get:23 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 apport all 2.20.9-0ubuntu7.10 [124 kB]
Get:24 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libubsan0 amd64 7.5.0-3ubuntu1~18.04 [126 kB]
Get:25 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libasan4 amd64 7.5.0-3ubuntu1~18.04 [358 kB]
Get:26 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libcilkrts5 amd64 7.5.0-3ubuntu1~18.04 [42.5 kB]
Get:27 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 g++-7 amd64 7.5.0-3ubuntu1~18.04 [9697 kB]
Get:28 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 gcc-7 amd64 7.5.0-3ubuntu1~18.04 [9381 kB]
Get:29 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libstdc++-7-dev amd64 7.5.0-3ubuntu1~18.04 [1471 kB]
Get:30 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libgcc-7-dev amd64 7.5.0-3ubuntu1~18.04 [2378 kB]
Get:31 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 cpp-7 amd64 7.5.0-3ubuntu1~18.04 [8591 kB]
Get:32 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 gcc-7-base amd64 7.5.0-3ubuntu1~18.04 [18.3 kB]
Get:33 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 mdadm amd64 4.1~rc1-3~ubuntu18.04.3 [417 kB]
Get:34 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 uidmap amd64 1:4.5-1ubuntu2.1 [65.6 kB]
Get:35 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 keystone all 2:13.0.2-0ubuntu3 [42.7 kB]
Get:36 http://nova.clouds.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 python-keystone all 2:13.0.2-0ubuntu3 [663 kB]
Fetched 38.1 MB in 2s (20.0 MB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 108224 files and directories currently installed.)
Preparing to unpack .../login_1%3a4.5-1ubuntu2.1_amd64.deb ...
Unpacking login (1:4.5-1ubuntu2.1) over (1:4.5-1ubuntu2) ...
Setting up login (1:4.5-1ubuntu2.1) ...
(Reading database ... 108224 files and directories currently installed.)
Preparing to unpack .../open-iscsi_2.0.874-5ubuntu2.9_amd64.deb ...
Unpacking open-iscsi (2.0.874-5ubuntu2.9) over (2.0.874-5ubuntu2.7) ...
Preparing to unpack .../libtsan0_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libtsan0:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Preparing to unpack .../gcc-8-base_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking gcc-8-base:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Setting up gcc-8-base:amd64 (8.3.0-26ubuntu1~18.04) ...
(Reading database ... 108226 files and directories currently installed.)
Preparing to unpack .../libstdc++6_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libstdc++6:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Setting up libstdc++6:amd64 (8.3.0-26ubuntu1~18.04) ...
(Reading database ... 108226 files and directories currently installed.)
Preparing to unpack .../0-libquadmath0_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libquadmath0:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Preparing to unpack .../1-libmpx2_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libmpx2:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Preparing to unpack .../2-liblsan0_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking liblsan0:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Preparing to unpack .../3-libitm1_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libitm1:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Preparing to unpack .../4-libgomp1_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libgomp1:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Preparing to unpack .../5-libcc1-0_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libcc1-0:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Preparing to unpack .../6-libatomic1_8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libatomic1:amd64 (8.3.0-26ubuntu1~18.04) over (8.3.0-6ubuntu1~18.04.1) ...
Preparing to unpack .../7-libgcc1_1%3a8.3.0-26ubuntu1~18.04_amd64.deb ...
Unpacking libgcc1:amd64 (1:8.3.0-26ubuntu1~18.04) over (1:8.3.0-6ubuntu1~18.04.1) ...
Setting up libgcc1:amd64 (1:8.3.0-26ubuntu1~18.04) ...
(Reading database ... 108226 files and directories currently installed.)
Preparing to unpack .../libgcrypt20_1.8.1-4ubuntu1.2_amd64.deb ...
Unpacking libgcrypt20:amd64 (1.8.1-4ubuntu1.2) over (1.8.1-4ubuntu1.1) ...
Setting up libgcrypt20:amd64 (1.8.1-4ubuntu1.2) ...
(Reading database ... 108226 files and directories currently installed.)
Preparing to unpack .../passwd_1%3a4.5-1ubuntu2.1_amd64.deb ...
Unpacking passwd (1:4.5-1ubuntu2.1) over (1:4.5-1ubuntu2) ...
Setting up passwd (1:4.5-1ubuntu2.1) ...
(Reading database ... 108226 files and directories currently installed.)
Preparing to unpack .../00-libglib2.0-0_2.56.4-0ubuntu0.18.04.5_amd64.deb ...
Unpacking libglib2.0-0:amd64 (2.56.4-0ubuntu0.18.04.5) over (2.56.4-0ubuntu0.18.04.4) ...
Preparing to unpack .../01-libglib2.0-data_2.56.4-0ubuntu0.18.04.5_all.deb ...
Unpacking libglib2.0-data (2.56.4-0ubuntu0.18.04.5) over (2.56.4-0ubuntu0.18.04.4) ...
Preparing to unpack .../02-rsyslog_8.32.0-1ubuntu4.1_amd64.deb ...
Unpacking rsyslog (8.32.0-1ubuntu4.1) over (8.32.0-1ubuntu4) ...
Preparing to unpack .../03-libdrm-common_2.4.99-1ubuntu1~18.04.1_all.deb ...
Unpacking libdrm-common (2.4.99-1ubuntu1~18.04.1) over (2.4.97-1ubuntu1~18.04.1) ...
Preparing to unpack .../04-libdrm2_2.4.99-1ubuntu1~18.04.1_amd64.deb ...
Unpacking libdrm2:amd64 (2.4.99-1ubuntu1~18.04.1) over (2.4.97-1ubuntu1~18.04.1) ...
Preparing to unpack .../05-python3-problem-report_2.20.9-0ubuntu7.10_all.deb ...
Unpacking python3-problem-report (2.20.9-0ubuntu7.10) over (2.20.9-0ubuntu7.9) ...
Preparing to unpack .../06-python3-apport_2.20.9-0ubuntu7.10_all.deb ...
Unpacking python3-apport (2.20.9-0ubuntu7.10) over (2.20.9-0ubuntu7.9) ...
Preparing to unpack .../07-apport_2.20.9-0ubuntu7.10_all.deb ...
Unpacking apport (2.20.9-0ubuntu7.10) over (2.20.9-0ubuntu7.9) ...
Preparing to unpack .../08-libubsan0_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking libubsan0:amd64 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../09-libasan4_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking libasan4:amd64 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../10-libcilkrts5_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking libcilkrts5:amd64 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../11-g++-7_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking g++-7 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../12-gcc-7_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking gcc-7 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../13-libstdc++-7-dev_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking libstdc++-7-dev:amd64 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../14-libgcc-7-dev_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking libgcc-7-dev:amd64 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../15-cpp-7_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking cpp-7 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../16-gcc-7-base_7.5.0-3ubuntu1~18.04_amd64.deb ...
Unpacking gcc-7-base:amd64 (7.5.0-3ubuntu1~18.04) over (7.4.0-1ubuntu1~18.04.1) ...
Preparing to unpack .../17-mdadm_4.1~rc1-3~ubuntu18.04.3_amd64.deb ...
Unpacking mdadm (4.1~rc1-3~ubuntu18.04.3) over (4.1~rc1-3~ubuntu18.04.2) ...
Preparing to unpack .../18-uidmap_1%3a4.5-1ubuntu2.1_amd64.deb ...
Unpacking uidmap (1:4.5-1ubuntu2.1) over (1:4.5-1ubuntu2) ...
Preparing to unpack .../19-keystone_2%3a13.0.2-0ubuntu3_all.deb ...
Unpacking keystone (2:13.0.2-0ubuntu3) over (2:13.0.2-0ubuntu1) ...
Preparing to unpack .../20-python-keystone_2%3a13.0.2-0ubuntu3_all.deb ...
Unpacking python-keystone (2:13.0.2-0ubuntu3) over (2:13.0.2-0ubuntu1) ...
Setting up libquadmath0:amd64 (8.3.0-26ubuntu1~18.04) ...
Setting up python-keystone (2:13.0.2-0ubuntu3) ...
Setting up libgomp1:amd64 (8.3.0-26ubuntu1~18.04) ...
Setting up libatomic1:amd64 (8.3.0-26ubuntu1~18.04) ...
Setting up libcc1-0:amd64 (8.3.0-26ubuntu1~18.04) ...
Setting up libtsan0:amd64 (8.3.0-26ubuntu1~18.04) ...
Setting up libglib2.0-0:amd64 (2.56.4-0ubuntu0.18.04.5) ...
No schema files found: doing nothing.
Setting up uidmap (1:4.5-1ubuntu2.1) ...
Setting up open-iscsi (2.0.874-5ubuntu2.9) ...
Setting up mdadm (4.1~rc1-3~ubuntu18.04.3) ...
update-initramfs: deferring update (trigger activated)
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/50-cloudimg-settings.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.0-74-generic
Found initrd image: /boot/initrd.img-4.15.0-74-generic
Found linux image: /boot/vmlinuz-4.15.0-70-generic
Found initrd image: /boot/initrd.img-4.15.0-70-generic
File descriptor 3 (pipe:[250058]) leaked on lvs invocation. Parent PID 21042: /bin/sh
done
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Setting up libdrm-common (2.4.99-1ubuntu1~18.04.1) ...
Setting up liblsan0:amd64 (8.3.0-26ubuntu1~18.04) ...
Setting up gcc-7-base:amd64 (7.5.0-3ubuntu1~18.04) ...
Setting up python3-problem-report (2.20.9-0ubuntu7.10) ...
Setting up keystone (2:13.0.2-0ubuntu3) ...
apache2_invoke keystone.conf: no action - site was disabled by local admin
Setting up libmpx2:amd64 (8.3.0-26ubuntu1~18.04) ...
Setting up libglib2.0-data (2.56.4-0ubuntu0.18.04.5) ...
Setting up libitm1:amd64 (8.3.0-26ubuntu1~18.04) ...
Setting up rsyslog (8.32.0-1ubuntu4.1) ...
Installing new version of config file /etc/apparmor.d/usr.sbin.rsyslogd ...
The user `syslog' is already a member of `adm'.
Skipping profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
Setting up libasan4:amd64 (7.5.0-3ubuntu1~18.04) ...
Setting up libcilkrts5:amd64 (7.5.0-3ubuntu1~18.04) ...
Setting up libubsan0:amd64 (7.5.0-3ubuntu1~18.04) ...
Setting up python3-apport (2.20.9-0ubuntu7.10) ...
Setting up libgcc-7-dev:amd64 (7.5.0-3ubuntu1~18.04) ...
Setting up cpp-7 (7.5.0-3ubuntu1~18.04) ...
Setting up libdrm2:amd64 (2.4.99-1ubuntu1~18.04.1) ...
Setting up libstdc++-7-dev:amd64 (7.5.0-3ubuntu1~18.04) ...
Setting up apport (2.20.9-0ubuntu7.10) ...
apport-autoreport.service is a disabled or a static unit, not starting it.
Setting up gcc-7 (7.5.0-3ubuntu1~18.04) ...
Setting up g++-7 (7.5.0-3ubuntu1~18.04) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.33) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for initramfs-tools (0.130ubuntu3.9) ...
update-initramfs: Generating /boot/initrd.img-4.15.0-74-generic
root at juju-5d5897-lp1850634-3:/var/log/keystone# systemctl restart apache2
~ $ openstack user list --domain userdomain
+------------------------------------------------------------------+----------+
| ID | Name |
+------------------------------------------------------------------+----------+
| 6c54085114683984e628d5d8ea305840f17d30927bf4424975391db9ae0bf48e | Jane Doe |
| 1cf2bfb329d67343d6154b239131a68a4c4c4e4701db5540872de0d269e30765 | John Doe |
+------------------------------------------------------------------+----------+
~ $ openstack group list --domain userdomain
+------------------------------------------------------------------+-------+
| ID | Name |
+------------------------------------------------------------------+-------+
| fe33dc32de168eeea2747035b4218df9f1134fd02864ea0eabc5853d9458dda5 | cloud |
+------------------------------------------------------------------+-------+
~ $ openstack user list --group cloud --domain userdomain
+------------------------------------------------------------------+----------+
| ID | Name |
+------------------------------------------------------------------+----------+
| 1cf2bfb329d67343d6154b239131a68a4c4c4e4701db5540872de0d269e30765 | John Doe |
| 6c54085114683984e628d5d8ea305840f17d30927bf4424975391db9ae0bf48e | Jane Doe |
+------------------------------------------------------------------+----------+
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1850634
Title:
queens regresion: _dn_to_id() not using utf8_encode/decode
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive queens series:
Fix Committed
Status in OpenStack Identity (keystone):
Triaged
Status in keystone package in Ubuntu:
Invalid
Status in keystone source package in Bionic:
Fix Committed
Bug description:
[Impact]
There's a regression in the LDAP common backend code due to a recent
stable/queens backport that shouldn't have been backported past
stable/rocky. It was backported as part of the fixes for
https://bugs.launchpad.net/bugs/1782922.
The following patch shouldn't have been backported to stable/queens:
https://review.opendev.org/#/c/672519/
The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
https://review.opendev.org/#/c/613648/
In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.
Those changes didn't happen in stable/queens so _dn_to_id should still
be UTF-8 encoding/decoding the appropriate fields. In other words it
should still be using the following in stable/queens:
if self.id_attr == utf8_decode(
ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])
[Test Case]
See test case in https://bugs.launchpad.net/bugs/1782922.
[Regression Potential]
The code that will be fixed for this bug (ie. the code in the if statement) is being reverted to what it used to be prior to the bug fix for https://bugs.launchpad.net/bugs/1782922. Prior to 1782922, _dn_to_id() used to only consist of the code that is in the if statment, so the regression potential is very low. Code will be tested to minimize regression potential and patch has been submitted upstream.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1850634/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list