OpenStack Identity (keystone)

"int object is not iterable" when using numerical group names

Bug #1992186 reported by Mohammed Naser
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Undecided
Unassigned

Bug Description

When using federation and having the values of `groups` in the mapping set to a number, it will be parsed into a a number and then fail to authenticate:

```
{"error":{"code":400,"message":"'int' object is not iterable","title":"Bad Request"}}
```

I believe the bad bit is here:

https://github.com/openstack/keystone/blob/326b014434cc760ba08763e1870ac057f7917e98/keystone/federation/utils.py#L650-L661

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/keystone/+/860726

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/860726
Committed: https://opendev.org/openstack/keystone/commit/c70d0c33a5977ca7208fbadd876a646cd37ffb31
Submitter: "Zuul (22348)"
Branch: master

commit c70d0c33a5977ca7208fbadd876a646cd37ffb31
Author: Mohammed Naser <email address hidden>
Date: Fri Oct 7 17:06:12 2022 +0000

    fix(federation): allow using numerical group names

    When using a numerical group name, the current codebase which
    relies on ast.literal_eval does not account for the value
    being a number. Therefore, it can be parsed as a number and
    fail in further steps since it will not be a list.

    This patch adds a test to handle that use case and refactor the
    code that leverages ast.literal_eval to be the same everywhere
    so that it adds that fix everywhere.

    Closes-Bug: #1992186
    Change-Id: I665b7e0234650ba07e0d030a2d442d6599d0888a

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/keystone/+/890481

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/keystone/+/890482

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/890481
Committed: https://opendev.org/openstack/keystone/commit/db16a3f8c1c82e3f70648e48ac54d88663b78a73
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit db16a3f8c1c82e3f70648e48ac54d88663b78a73
Author: Mohammed Naser <email address hidden>
Date: Fri Oct 7 17:06:12 2022 +0000

    fix(federation): allow using numerical group names

    When using a numerical group name, the current codebase which
    relies on ast.literal_eval does not account for the value
    being a number. Therefore, it can be parsed as a number and
    fail in further steps since it will not be a list.

    This patch adds a test to handle that use case and refactor the
    code that leverages ast.literal_eval to be the same everywhere
    so that it adds that fix everywhere.

    Closes-Bug: #1992186
    Change-Id: I665b7e0234650ba07e0d030a2d442d6599d0888a
    (cherry picked from commit c70d0c33a5977ca7208fbadd876a646cd37ffb31)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/890482
Committed: https://opendev.org/openstack/keystone/commit/a62c18ec68aaa96586c3d8a23f6217bc911f511c
Submitter: "Zuul (22348)"
Branch: stable/zed

commit a62c18ec68aaa96586c3d8a23f6217bc911f511c
Author: Mohammed Naser <email address hidden>
Date: Fri Oct 7 17:06:12 2022 +0000

    fix(federation): allow using numerical group names

    When using a numerical group name, the current codebase which
    relies on ast.literal_eval does not account for the value
    being a number. Therefore, it can be parsed as a number and
    fail in further steps since it will not be a list.

    This patch adds a test to handle that use case and refactor the
    code that leverages ast.literal_eval to be the same everywhere
    so that it adds that fix everywhere.

    Closes-Bug: #1992186
    Change-Id: I665b7e0234650ba07e0d030a2d442d6599d0888a
    (cherry picked from commit c70d0c33a5977ca7208fbadd876a646cd37ffb31)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 24.0.0.0rc1

This issue was fixed in the openstack/keystone 24.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 23.0.1

This issue was fixed in the openstack/keystone 23.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 22.0.1

This issue was fixed in the openstack/keystone 22.0.1 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.