The original issue (Keystone failing to tell oslo.config which encoding to use) still exist in Keystone, see analysis in lp:1933109 . I believe now these two bugs are duplicates.
#6 sounds promising and I couldn't find any Keystone Gerrit review attempting it. Should we give it a try?
Traceback of this issue seen on OpenStack Ussuri when having cyrillic chars in the LDAP config:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 103, in _inner
return method(self, request)
File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 358, in process_request
resp = super(AuthContextMiddleware, self).process_request(request)
File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 409, in process_request
data, user_auth_ref = self._do_fetch_token(
File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 445, in _do_fetch_token
data = self.fetch_token(token, **kwargs)
File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 252, in fetch_token
self.token = self.token_provider_api.validate_token(
File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
__ret_val = __f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 145, in validate_token
token = self._validate_token(token_id)
File "<decorator-gen-26>", line 2, in _validate_token
File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 1359, in get_or_create_for_user_func
return self.get_or_create(
File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 957, in get_or_create
with Lock(
File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 187, in __enter__
return self._enter()
File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 94, in _enter
generated = self._enter_create(value, createdtime)
File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 180, in _enter_create
return self.creator()
File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 915, in gen_value
created_value = creator(
File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 179, in _validate_token
token.mint(token_id, issued_at)
File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 580, in mint
self._validate_token_user()
File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 503, in _validate_token_user
if not self.user_domain.get('enabled'):
File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 139, in user_domain
if self.user:
File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 133, in user
self.__user = PROVIDERS.identity_api.get_user(self.user_id)
File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
__ret_val = __f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 412, in wrapper
self.domain_configs.setup_domain_drivers(
File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 306, in setup_domain_drivers
self._setup_domain_drivers_from_files(standard_driver,
File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 159, in _setup_domain_drivers_from_files
self._load_config_from_file(
File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 125, in _load_config_from_file
domain_config['cfg'](args=[], project='keystone',
File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2131, in __call__
self._namespace = self._parse_cli_opts(args if args is not None
File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2897, in _parse_cli_opts
return self._parse_config_files()
File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2914, in _parse_config_files
ConfigParser._parse_file(config_file, namespace)
File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 1604, in _parse_file
parser.parse()
File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 1559, in parse
return super(ConfigParser, self).parse(f.readlines())
File "/usr/lib/python3.8/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
(keystone.server.flask.request_processing.middleware.auth_context): 2021-06-21 12:23:14,525 ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
The original issue (Keystone failing to tell oslo.config which encoding to use) still exist in Keystone, see analysis in lp:1933109 . I believe now these two bugs are duplicates.
#6 sounds promising and I couldn't find any Keystone Gerrit review attempting it. Should we give it a try?
Traceback of this issue seen on OpenStack Ussuri when having cyrillic chars in the LDAP config:
Traceback (most recent call last): python3/ dist-packages/ keystone/ server/ flask/request_ processing/ middleware/ auth_context. py", line 103, in _inner python3/ dist-packages/ keystone/ server/ flask/request_ processing/ middleware/ auth_context. py", line 358, in process_request xtMiddleware, self).process_ request( request) python3/ dist-packages/ keystonemiddlew are/auth_ token/_ _init__ .py", line 409, in process_request fetch_token( python3/ dist-packages/ keystonemiddlew are/auth_ token/_ _init__ .py", line 445, in _do_fetch_token token(token, **kwargs) python3/ dist-packages/ keystone/ server/ flask/request_ processing/ middleware/ auth_context. py", line 252, in fetch_token provider_ api.validate_ token( python3/ dist-packages/ keystone/ common/ manager. py", line 115, in wrapped python3/ dist-packages/ keystone/ token/provider. py", line 145, in validate_token token(token_ id) gen-26> ", line 2, in _validate_token python3/ dist-packages/ dogpile/ cache/region. py", line 1359, in get_or_ create_ for_user_ func python3/ dist-packages/ dogpile/ cache/region. py", line 957, in get_or_create python3/ dist-packages/ dogpile/ lock.py" , line 187, in __enter__ python3/ dist-packages/ dogpile/ lock.py" , line 94, in _enter create( value, createdtime) python3/ dist-packages/ dogpile/ lock.py" , line 180, in _enter_create python3/ dist-packages/ dogpile/ cache/region. py", line 915, in gen_value python3/ dist-packages/ keystone/ token/provider. py", line 179, in _validate_token mint(token_ id, issued_at) python3/ dist-packages/ keystone/ models/ token_model. py", line 580, in mint _validate_ token_user( ) python3/ dist-packages/ keystone/ models/ token_model. py", line 503, in _validate_ token_user domain. get('enabled' ): python3/ dist-packages/ keystone/ models/ token_model. py", line 139, in user_domain python3/ dist-packages/ keystone/ models/ token_model. py", line 133, in user identity_ api.get_ user(self. user_id) python3/ dist-packages/ keystone/ common/ manager. py", line 115, in wrapped python3/ dist-packages/ keystone/ identity/ core.py" , line 412, in wrapper domain_ configs. setup_domain_ drivers( python3/ dist-packages/ keystone/ identity/ core.py" , line 306, in setup_domain_ drivers _setup_ domain_ drivers_ from_files( standard_ driver, python3/ dist-packages/ keystone/ identity/ core.py" , line 159, in _setup_ domain_ drivers_ from_files _load_config_ from_file( python3/ dist-packages/ keystone/ identity/ core.py" , line 125, in _load_config_ from_file config[ 'cfg']( args=[] , project='keystone', python3/ dist-packages/ oslo_config/ cfg.py" , line 2131, in __call__ cli_opts( args if args is not None python3/ dist-packages/ oslo_config/ cfg.py" , line 2897, in _parse_cli_opts config_ files() python3/ dist-packages/ oslo_config/ cfg.py" , line 2914, in _parse_config_files r._parse_ file(config_ file, namespace) python3/ dist-packages/ oslo_config/ cfg.py" , line 1604, in _parse_file python3/ dist-packages/ oslo_config/ cfg.py" , line 1559, in parse f.readlines( )) python3. 8/encodings/ ascii.py" , line 26, in decode ascii_decode( input, self.errors)[0] server. flask.request_ processing. middleware. auth_context) : 2021-06-21 12:23:14,525 ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
File "/usr/lib/
return method(self, request)
File "/usr/lib/
resp = super(AuthConte
File "/usr/lib/
data, user_auth_ref = self._do_
File "/usr/lib/
data = self.fetch_
File "/usr/lib/
self.token = self.token_
File "/usr/lib/
__ret_val = __f(*args, **kwargs)
File "/usr/lib/
token = self._validate_
File "<decorator-
File "/usr/lib/
return self.get_or_create(
File "/usr/lib/
with Lock(
File "/usr/lib/
return self._enter()
File "/usr/lib/
generated = self._enter_
File "/usr/lib/
return self.creator()
File "/usr/lib/
created_value = creator(
File "/usr/lib/
token.
File "/usr/lib/
self.
File "/usr/lib/
if not self.user_
File "/usr/lib/
if self.user:
File "/usr/lib/
self.__user = PROVIDERS.
File "/usr/lib/
__ret_val = __f(*args, **kwargs)
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
domain_
File "/usr/lib/
self._namespace = self._parse_
File "/usr/lib/
return self._parse_
File "/usr/lib/
ConfigParse
File "/usr/lib/
parser.parse()
File "/usr/lib/
return super(ConfigParser, self).parse(
File "/usr/lib/
return codecs.
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
(keystone.