user_id = user.get('id')
user_name = user.get('name') or request.remote_user
if not any([user_id, user_name]):
msg = _("Could not map user while setting ephemeral user identity. " "Either mapping rules must specify user id/name or " "REMOTE_USER environment variable must be set.")
raise exception.Unauthorized(msg)
There is an error inside above function.
If user.get('name') is None, but request.remote_user is not None, e.g. request.remote_user is "fed_user", then user_name will be "fed_user".
So, the execution path will not go into "elif not user_name". So, for last line "return (user['id'], user['name'])", user['name'] will raise KeyError exception.
Firstly, see the code of function get_user_ unique_ id_and_ display_ name() of keystone/ auth/plugins/ mapped. py
# keystone/ auth/plugins/ mapped. py
def get_user_ unique_ id_and_ display_ name(request, mapped_properties):
user = mapped_ properties[ 'user']
user_id = user.get('id')
user_name = user.get('name') or request.remote_user
if not any([user_id, user_name]):
" Either mapping rules must specify user id/name or "
" REMOTE_ USER environment variable must be set.") Unauthorized( msg)
msg = _("Could not map user while setting ephemeral user identity. "
raise exception.
elif not user_name:
user[ 'name'] = user_id
elif not user_id:
user_id = user_name
user['id'] = parse.quote( user_id)
return (user['id'], user['name'])
There is an error inside above function.
If user.get('name') is None, but request.remote_user is not None, e.g. request.remote_user is "fed_user", then user_name will be "fed_user".
So, the execution path will not go into "elif not user_name". So, for last line "return (user['id'], user['name'])", user['name'] will raise KeyError exception.