OpenStack Identity (keystone)

_perform_auth may cause NameError exception

Bug #1844207 reported by zhufl on 2019-09-17
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Colleen Murphy
OpenStack Identity (keystone) train-rc1
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

1. Problem
In function _perform_auth, if no remote_id_name is found,
we'll get "NameError: name 'remote_id' is not defined" exception
when we first use remote_id before definition.

def _perform_auth(cls, protocol_id):
     idps = PROVIDERS.federation_api.list_idps()
     for idp in idps:
         try:
             remote_id_name = federation_utils.get_remote_id_parameter(
                 idp, protocol_id)
         except exception.FederatedProtocolNotFound:
             # no protocol for this IdP, so this can't be the IdP we're
             # looking for
             continue
         remote_id = flask.request.environ.get(remote_id_name)
         if remote_id:
             break
     if not remote_id:
         msg = 'Missing entity ID from environment'
         tr_msg = _('Missing entity ID from environment')
         LOG.error(msg)
         raise exception.Unauthorized(tr_msg)

2. Fix
Add remote_id definition.

See original description
zhufl (zhu-fanglei) on 2019-09-17
description: updated
description: updated
description: updated
description: updated
zhufl (zhu-fanglei) on 2019-09-17
description: updated
OpenStack Infra (hudson-openstack) on 2019-09-17
Changed in keystone:
assignee: nobody → zhufl (zhu-fanglei)
status: New → In Progress
OpenStack Infra (hudson-openstack) on 2019-09-17
Changed in keystone:
assignee: zhufl (zhu-fanglei) → Colleen Murphy (krinkle)
Colleen Murphy (krinkle) on 2019-09-17
Changed in keystone:
importance: Undecided → Low
milestone: none → train-rc1
Revision history for this message
Colleen Murphy (krinkle) wrote :

https://review.opendev.org/679706

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.opendev.org/679706
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=e224082ecd347202695b8bbc3e5c5253cf729f92
Submitter: Zuul
Branch: master

commit e224082ecd347202695b8bbc3e5c5253cf729f92
Author: zhufl <email address hidden>
Date: Tue Sep 3 14:53:15 2019 +0800

    Add remote_id definition in _perform_auth

    This is to add remote_id definition in _perform_auth, otherwise
    if no remote_id is found, we'll get "NameError: name 'remote_id'
    is not defined" exception.

    Change-Id: I2ad7dd6d9e7f74dbeaa87a68472be75b04cef631
    Closes-Bug: #1844207

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 16.0.0.0rc1

This issue was fixed in the openstack/keystone 16.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers