Reviewed: https://review.openstack.org/485302 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bb2b215b539b56c01e9a0c7acd9fd62ed1529ebc Submitter: Jenkins Branch: master
commit bb2b215b539b56c01e9a0c7acd9fd62ed1529ebc Author: prashkre <[email protected]> Date: Wed Jul 19 23:37:02 2017 +0530 Filter users and groups in ldap All users and groups are required to have a name. Prior to this fix, Keystone was not properly enforcing this for LDAP users and groups. Keystone will now ignore users and groups that do not have a value for the LDAP attribute which Keystone has been configured to use for that entity's name. Closes-Bug: #1704205 Change-Id: I424813785b7a355514ef42f1e4c6384b8a78b256 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1704205 Title: GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error Status in OpenStack Identity (keystone): Fix Released Bug description: In an environment like ldap server as identity backend, where a group has role assignment but some users in group doesn't have "name" attribute configured in ldap. So while fetching effective role assignments with include_names, it is failing in below stack trace error. 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi Traceback (most recent call last): 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__ 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi result = method(req, **params) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 999, in list_role_assignments_wrapper 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self.list_role_assignments(request) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 956, in list_role_assignments 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self._list_role_assignments(request, filters) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 945, in _list_role_assignments 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi include_names=include_names) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 948, in list_role_assignments 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self._get_names_from_role_assignments(role_assignments) 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 974, in _get_names_from_role_assignments 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi new_assign['user_name'] = _user['name'] 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi KeyError: 'name' 2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1704205/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
