queens regresion: _dn_to_id() not using utf8_encode/decode

Bug #1850634 reported by Corey Bryant on 2019-10-30
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Low
Corey Bryant
Ubuntu Cloud Archive
Undecided
Unassigned
Queens
High
Corey Bryant
keystone (Ubuntu)
Undecided
Unassigned
Bionic
High
Corey Bryant

Bug Description

[Impact]

There's a regression in the LDAP common backend code due to a recent stable/queens backport that shouldn't have been backported past stable/rocky. It was backported as part of the fixes for https://bugs.launchpad.net/bugs/1782922.

The following patch shouldn't have been backported to stable/queens:
https://review.opendev.org/#/c/672519/

The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
https://review.opendev.org/#/c/613648/
In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.

Those changes didn't happen in stable/queens so _dn_to_id should still be UTF-8 encoding/decoding the appropriate fields. In other words it should still be using the following in stable/queens:

        if self.id_attr == utf8_decode(
                ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
            return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

[Test Case]
See test case in https://bugs.launchpad.net/bugs/1782922.

[Regression Potential]
The code that will be fixed for this bug (ie. the code in the if statement) is being reverted to what it used to be prior to the bug fix for https://bugs.launchpad.net/bugs/1782922. Prior to 1782922, _dn_to_id() used to only consist of the code that is in the if statment, so the regression potential is very low. Code will be tested to minimize regression potential and patch has been submitted upstream.

Changed in keystone (Ubuntu):
status: New → Invalid
Changed in keystone (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → High
Changed in cloud-archive:
status: New → Invalid
Changed in keystone (Ubuntu Bionic):
assignee: nobody → Corey Bryant (corey.bryant)
description: updated
summary: - stable/queens regresion - _dn_to_id() should still be using
- utf8_encode/utf8_decode in queens
+ queens regresion - _dn_to_id() not using utf8_encode/utf8_decode
summary: - queens regresion - _dn_to_id() not using utf8_encode/utf8_decode
+ queens regresion: _dn_to_id() not using utf8_encode/utf8_decode
summary: - queens regresion: _dn_to_id() not using utf8_encode/utf8_decode
+ queens regresion: _dn_to_id() not using utf8_encode/decode
Gage Hugo (gagehugo) on 2019-10-30
Changed in keystone:
status: New → Triaged
importance: Undecided → Low
milestone: none → ussuri-1
assignee: nobody → Corey Bryant (corey.bryant)

Reviewed: https://review.opendev.org/692128
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=e8b04cc4265d672214da50b99ead8c4f8cc49aa2
Submitter: Zuul
Branch: stable/queens

commit e8b04cc4265d672214da50b99ead8c4f8cc49aa2
Author: Corey Bryant <email address hidden>
Date: Wed Oct 30 08:49:24 2019 -0400

    Revert "Fix python3 compatibility on LDAP search DN from id"

    This reverts commit 79ed42ee67915383242541329dd5aa186f087ff2,
    which shouldn't have been backported to stable/queens because the
    following patch, which switched to bytes_mode=False, doesn't exist
    in stable/queens: https://review.opendev.org/#/c/613648/.

    Change-Id: I3c0fe74559f1bbf66f717fbaeb1e1dd435e7eb2c
    Closes-Bug: #1850634

This issue was fixed in the openstack/keystone 13.0.4 release.

tags: added: bionic regression-proposed

Hello Corey, or anyone else affected,

Accepted keystone into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/keystone/2:13.0.2-0ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in keystone (Ubuntu Bionic):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-bionic
Corey Bryant (corey.bryant) wrote :

This fix was released upstream in queens 13.0.4

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers