OpenStack Identity (keystone)

keystone with LDAP identity complains about invalid input for trustor_user_id

Bug #1407661 reported by Marcus Klein on 2015-01-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	Steve Martinelli	OpenStack Identity (keystone) 2015.1.0 "kilo"

Bug Description

I just upgraded to the Juno release. My setup uses multi-domains while the default domain is backend by the LDAP identity. A secondary domain for Heat is backend by SQL.

Creating a stack through Heat gives now the following error in keystone:

2015-01-05 12:35:59.069 25926 WARNING keystone.common.wsgi [-] Invalid input for field 'trustor_user_id'. The value is 'marcus.klein'.

The corresponding error message in Heat is:

2015-01-02 15:14:59.144 27660 ERROR oslo.messaging.rpc.dispatcher [req-edf2bcfe-5082-4cd8-a617-cece969aac38 ] Exception during message handling: Invalid input for field 'trustor_user_id'. The value is 'marcus.klein'. (HTTP 400)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher Traceback (most recent call last):
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 134, in _dispatch_and_reply
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher incoming.message))
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 177, in _dispatch
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher return self._do_dispatch(endpoint, method, ctxt, args)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 123, in _do_dispatch
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher result = getattr(endpoint, method)(ctxt, **new_args)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/heat/engine/service.py", line 69, in wrapped
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher return func(self, ctx, *args, **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/heat/engine/service.py", line 647, in create_stack
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher stack.store()
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/heat/engine/stack.py", line 315, in store
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher trust_ctx = keystone.create_trust_context()
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/heat/common/heat_keystoneclient.py", line 291, in create_trust_context
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher role_names=roles)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/v3/contrib/trusts.py", line 74, in create
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/base.py", line 71, in func
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher return f(*args, **new_kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/base.py", line 327, in create
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher self.key)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/base.py", line 150, in _create
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher return self._post(url, body, response_key, return_raw, **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/base.py", line 164, in _post
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher resp, body = self.client.post(url, body=body, **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 617, in post
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher return self._cs_request(url, 'POST', **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 603, in _cs_request
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher return self.request(url, method, **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 578, in request
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher resp = super(HTTPClient, self).request(url, method, **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/baseclient.py", line 21, in request
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher return self.session.request(url, method, **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 318, in inner
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher return func(*args, **kwargs)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 339, in request
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher raise exceptions.from_response(resp, method, url)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher BadRequest: Invalid input for field 'trustor_user_id'. The value is 'marcus.klein'. (HTTP 400)
2015-01-02 15:14:59.144 27660 TRACE oslo.messaging.rpc.dispatcher
2015-01-02 15:14:59.186 27660 ERROR oslo.messaging._drivers.common [req-edf2bcfe-5082-4cd8-a617-cece969aac38 ] Returning exception Invalid input for field 'trustor_user_id'. The value is 'marcus.klein'. (HTTP 400) to caller
2015-01-02 15:14:59.187 27660 ERROR oslo.messaging._drivers.common [req-edf2bcfe-5082-4cd8-a617-cece969aac38 ] ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 134, in _dispatch_and_reply\n incoming.message))\n', ' File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 177, in _dispatch\n return self._do_dispatch(endpoint, method, ctxt, args)\n', ' File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 123, in _do_dispatch\n result = getattr(endpoint, method)(ctxt, **new_args)\n', ' File "/usr/lib/python2.7/dist-packages/heat/engine/service.py", line 69, in wrapped\n return func(self, ctx, *args, **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/heat/engine/service.py", line 647, in create_stack\n stack.store()\n', ' File "/usr/lib/python2.7/dist-packages/heat/engine/stack.py", line 315, in store\n trust_ctx = keystone.create_trust_context()\n', ' File "/usr/lib/python2.7/dist-packages/heat/common/heat_keystoneclient.py", line 291, in create_trust_context\n role_names=roles)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/v3/contrib/trusts.py", line 74, in create\n **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/base.py", line 71, in func\n return f(*args, **new_kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/base.py", line 327, in create\n self.key)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/base.py", line 150, in _create\n return self._post(url, body, response_key, return_raw, **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/base.py", line 164, in _post\n resp, body = self.client.post(url, body=body, **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 617, in post\n return self._cs_request(url, \'POST\', **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 603, in _cs_request\n return self.request(url, method, **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 578, in request\n resp = super(HTTPClient, self).request(url, method, **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/baseclient.py", line 21, in request\n return self.session.request(url, method, **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/utils.py", line 318, in inner\n return func(*args, **kwargs)\n', ' File "/usr/lib/python2.7/dist-packages/keystoneclient/session.py", line 339, in request\n raise exceptions.from_response(resp, method, url)\n', "BadRequest: Invalid input for field 'trustor_user_id'. The value is 'marcus.klein'. (HTTP 400)\n"]

For my setup I solved the problem by changing keystone/common/validation/parameter_types.py to

id_string = {
    'type': 'string',
    'minLength': 1,
    'maxLength': 64,
    # TODO(lbragstad): Find a way to make this configurable such that the end
    # user chooses how much control they want over id_strings with a regex
    'pattern': '^[a-zA-Z0-9-\.]+$'
}

See the additional "\." in the character list for the pattern.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-05: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/145024

Changed in keystone:
assignee:	nobody → Lance Bragstad (lbragstad)
status:	New → In Progress

Lance Bragstad (lbragstad) on 2015-03-19

Changed in keystone:
milestone:	none → kilo-rc1

OpenStack Infra (hudson-openstack) on 2015-03-25

Changed in keystone:
assignee:	Lance Bragstad (lbragstad) → Steve Martinelli (stevemar)

Morgan Fainberg (mdrnstm) on 2015-03-25

Changed in keystone:
importance:	Undecided → Medium
importance:	Medium → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-26: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/145024
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=729c1ea723370ac91e4b483ec84f890321b7754f
Submitter: Jenkins
Branch: master

commit 729c1ea723370ac91e4b483ec84f890321b7754f
Author: Lance Bragstad <email address hidden>
Date: Mon Jan 5 16:57:17 2015 +0000

Loosen the validation schema used for trustee/trustor ids

    Previously, the jsonschema validator would match identifier strings to a
    regular expression representing something similar to a UUID. This is not always
    the case depending on how the user may have identifier strings setup in their
    deployment. This change allows for periods to be contained within an identifier
    string.

Change-Id: I18d8a0347bab7c8c403368c53d24d144d36aa093
Closes-Bug: #1407661

Changed in keystone:
status:	In Progress → Fix Committed

Revision history for this message

Bjoern (bjoern-t) wrote on 2015-04-07:

Hello, can we get this back ported into Juno branch ?

Thierry Carrez (ttx) on 2015-04-07

Changed in keystone:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-04-30

Changed in keystone:
milestone:	kilo-rc1 → 2015.1.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.