OpenStack Identity (keystone)

Ldap Live test failures

Bug #1347262 reported by Arun Kant
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Invalid
Low
Unassigned

Bug Description

In keystone master, when live ldap test are executed against local openldap instance, 7 tests are failing.

3 tests fail with following error.

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/mock.py", line 1201, in patched
    return func(*args, **keywargs)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/tests/test_backend_ldap.py", line 1156, in test_chase_referrals_off
    user_api.get_connection(user=None, password=None)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 965, in get_connection
    conn.simple_bind_s(user, password)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 638, in simple_bind_s
    serverctrls, clientctrls)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/tests/fakeldap.py", line 246, in simple_bind_s
    attrs = self.db[self.key(who)]
AttributeError: 'FakeLdap' object has no attribute 'db'

The tests which are failing with above error are

LiveLDAPIdentity.test_chase_referrals_off
LiveLDAPIdentity.test_chase_referrals_on
LiveLDAPIdentity.test_debug_level_set

Reason: In FakeLdap, the livetest creds are different from backend_ldap.conf and does not match at https://github.com/openstack/keystone/blob/master/keystone/tests/fakeldap.py#L242

1 test fails with following error

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/mock.py", line 1201, in patched
    return func(*args, **keywargs)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/tests/test_backend_ldap.py", line 1288, in test_user_mixed_case_attribute
    user['email'])
KeyError: 'email'

Test failed:
LiveLDAPIdentity.test_user_mixed_case_attribute

Reason: CONF.ldap.user_mail_attribute is different in live test. Its mail and not email as in backend_ldap.conf so test code needs to be changed to handle both scenarios.

2 tests fails with following error

Traceback (most recent call last):
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/tests/test_backend_ldap.py", line 695, in test_user_id_comma
    user = self.identity_api.driver.create_user(user_id, user)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/identity/backends/ldap.py", line 94, in create_user
    user_ref = self.user.create(user)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/identity/backends/ldap.py", line 230, in create
    values = super(UserApi, self).create(values)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 1390, in create
    ref = super(EnabledEmuMixIn, self).create(values)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 1085, in create
    conn.add_s(self._id_to_dn(values['id']), attrs)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 656, in add_s
    return self.conn.add_s(dn_utf8, ldap_attrs_utf8)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 551, in add_s
    return self.conn.add_s(dn, modlist)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 194, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 422, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 426, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 432, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
UNDEFINED_TYPE: {'info': 'domain_id: AttributeDescription contains inappropriate characters', 'desc': 'Undefined attribute type'}

Test failed:
LiveLDAPIdentity.test_user_id_comma
LiveLDAPIdentity.test_user_id_comma_grants

Reason: Related test code creates user using driver instead of using identity api which filters domain_id from response.
Possible solution: Line 695 , 714, 749 in https://review.openstack.org/#/c/95300/19/keystone/tests/test_backend_ldap.py,cm

1 test fails with following error:

Traceback (most recent call last):
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/tests/test_backend_ldap.py", line 1267, in test_user_extra_attribute_mapping_description_is_returned
    user = self.identity_api.create_user(user)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/notifications.py", line 75, in wrapper
    result = f(*args, **kwargs)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/identity/core.py", line 182, in wrapper
    return f(self, *args, **kwargs)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/identity/core.py", line 193, in wrapper
    return f(self, *args, **kwargs)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/identity/core.py", line 528, in create_user
    ref = driver.create_user(user['id'], user)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/identity/backends/ldap.py", line 94, in create_user
    user_ref = self.user.create(user)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/identity/backends/ldap.py", line 230, in create
    values = super(UserApi, self).create(values)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 1390, in create
    ref = super(EnabledEmuMixIn, self).create(values)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 1085, in create
    conn.add_s(self._id_to_dn(values['id']), attrs)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 656, in add_s
    return self.conn.add_s(dn_utf8, ldap_attrs_utf8)
  File "/home/arunkant-uws/myFolder/myWork/openstack/keystone/keystone/common/ldap/core.py", line 551, in add_s
    return self.conn.add_s(dn, modlist)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 194, in add_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 422, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 426, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 432, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
TYPE_OR_VALUE_EXISTS: {'info': "attribute 'description' provided more than once", 'desc': 'Type or value exists'}

Test failed:
LiveLDAPIdentity.test_user_extra_attribute_mapping_description_is_returned

Reason: The issue is description attribute is sent twice in add_s call and the line which needs to be modified is
https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L1073

Possible solution: Line 1350 in https://review.openstack.org/#/c/95300/19/keystone/common/ldap/core.py,cm

Arun Kant (arukant)
Changed in keystone:
assignee: nobody → Arun Kant (arunkant-uws)
David Stanek (dstanek)
Changed in keystone:
status: New → Confirmed
importance: Undecided → Low
Revision history for this message
Steve Martinelli (stevemar) wrote :

this still an issue?

Changed in keystone:
status: Confirmed → Incomplete
tags: added: test-improvement
Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

Marking as invalid since this should have expired as incomplete long ago.

Changed in keystone:
assignee: Arun Kant (arunkant-uws) → nobody
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.