Identity provider create fails if remote_id is not set

Bug #1440185 reported by Nathan Kinder on 2015-04-03
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Nathan Kinder

Bug Description

When support for multiple remote_ids was added (, a prolem was introduced where Keystone will return a 400 response when an identity provider is created without a remote_id. The remote_id is supposed to be optional. Here is what the problem looks like using python-openstackclient:

[root@rdo ~]# openstack --os-auth-url http://rdo.rdodom.test:5000/v3 --os-user-domain-name default \
    --os-username admin --os-password password --os-project-domain-name default --os-project-name admin \
    --os-identity-api-version 3 identity provider create --enable test
ERROR: openstack 'NoneType' object is not iterable (HTTP 400) (Request-ID: req-172efcf5-6e1b-4059-99f1-44acb069067a)

The problem is that the dict that is passed into IdentityProviderModel.from_dict() looks like this:

  {u'enabled': True, u'description': None, u'remote_ids': None}

We pop the 'remote_ids' item from the dict to create remote_ids_list, but this results in the list being None. We then try to iterate the list, which triggers an exception that leads to the 400 error. We need to fix the way we initialize the list.

Nathan Kinder (nkinder) on 2015-04-03
Changed in keystone:
assignee: nobody → Nathan Kinder (nkinder)

Fix proposed to branch: master

Changed in keystone:
status: New → In Progress
Changed in keystone:
importance: Undecided → High
milestone: none → kilo-rc1
Adam Young (ayoung) wrote :

Just hit this myself, and worked through it using the same change.

Submitter: Jenkins
Branch: master

commit 384c3f9100c4a69fe4300a1db9cd5cb233d1ed60
Author: Nathan Kinder <email address hidden>
Date: Fri Apr 3 12:53:01 2015 -0700

    Allow identity provider to be created with remote_ids set to None

    When support was added for multiple remote_ids, identity provider
    creation was broken when remote_ids are specified as None instead
    of an empty list. The remote_ids are supposed to be optional. This
    causes 400 errors when using python-openstackclient to create an
    identity provider without any remote_ids.

    Change-Id: I9a4d1206f6df95636ae350236f6e704ca37f7b73
    Closes-bug: #1440185

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2015-04-07
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2015-04-30
Changed in keystone:
milestone: kilo-rc1 → 2015.1.0
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers