https://review.opendev.org/c/openstack/charm-keystone/+/797516 landed. Marking Fix Committed.
** Changed in: keystone
       Status: New => Fix Committed

** Changed in: charm-keystone-ldap
       Status: Triaged => Invalid

** Changed in: keystone
       Status: Fix Committed => Invalid

** Also affects: charm-keystone
   Importance: Undecided
       Status: New

** Changed in: charm-keystone
       Status: New => Fix Committed

** Changed in: charm-keystone
   Importance: Undecided => Critical

** Changed in: charm-keystone
     Assignee: (unassigned) => David Ames (thedac)

https://bugs.launchpad.net/bugs/1933109

Title:
  Non-Latin character in base DN results in backend initialization
  failure: ERROR 'ascii' codec can't decode byte 0xd0 in position 94:
  ordinal not in range(128)

Status in OpenStack keystone charm:
  Fix Committed
Status in OpenStack Keystone LDAP integration:
  Invalid
Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  == Steps to reproduce

  Deploy a keystone-ldap charm and provide the following ldap-user DN:
  "CN=openstack openstack,OU=Технологические пользователи,OU=Users,DC=corp,DC=com"

  == Problem statement

  cloud: focal-ussuri, latest stable charms

  The project I'm working on has an LDAP integration, and I've been
  given the following base DN: "CN=openstack openstack,OU=Технологические
  пользователи,OU=Users,DC=corp,DC=com", which I'm supplying as the
  ldap-user option of the keystone-ldap charm.

  If I remove the non-Latin OU part, then Keystone tries to
  authenticate but fails, complaining about invalid bind credentials.

  Then, if I put the "OU=Технологические пользователи" part back, the
  following occurs in keystone.log:

  (keystone.server.flask.request_processing.middleware.auth_context): 2021-06-21 12:23:11,146 ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
  Traceback (most recent call last):
    File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 103, in _inner
      return method(self, request)
    File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 358, in process_request
      resp = super(AuthContextMiddleware, self).process_request(request)
    File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 409, in process_request
      data, user_auth_ref = self._do_fetch_token(
    File "/usr/lib/python3/dist-packages/keystonemiddleware/auth_token/__init__.py", line 445, in _do_fetch_token
      data = self.fetch_token(token, **kwargs)
    File "/usr/lib/python3/dist-packages/keystone/server/flask/request_processing/middleware/auth_context.py", line 252, in fetch_token
      self.token = self.token_provider_api.validate_token(
    File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
      __ret_val = __f(*args, **kwargs)
    File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 145, in validate_token
      token = self._validate_token(token_id)
    File "<decorator-gen-26>", line 2, in _validate_token
    File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 1359, in get_or_create_for_user_func
      return self.get_or_create(
    File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 957, in get_or_create
      with Lock(
    File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 187, in __enter__
      return self._enter()
    File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 94, in _enter
      generated = self._enter_create(value, createdtime)
    File "/usr/lib/python3/dist-packages/dogpile/lock.py", line 180, in _enter_create
      return self.creator()
    File "/usr/lib/python3/dist-packages/dogpile/cache/region.py", line 915, in gen_value
      created_value = creator(
    File "/usr/lib/python3/dist-packages/keystone/token/provider.py", line 179, in _validate_token
      token.mint(token_id, issued_at)
    File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 580, in mint
      self._validate_token_user()
    File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 503, in _validate_token_user
      if not self.user_domain.get('enabled'):
    File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 139, in user_domain
      if self.user:
    File "/usr/lib/python3/dist-packages/keystone/models/token_model.py", line 133, in user
      self.__user = PROVIDERS.identity_api.get_user(self.user_id)
    File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 115, in wrapped
      __ret_val = __f(*args, **kwargs)
    File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 412, in wrapper
      self.domain_configs.setup_domain_drivers(
    File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 306, in setup_domain_drivers
      self._setup_domain_drivers_from_files(standard_driver,
    File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 159, in _setup_domain_drivers_from_files
      self._load_config_from_file(
    File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 125, in _load_config_from_file
      domain_config['cfg'](args=[], project='keystone',
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2131, in __call__
      self._namespace = self._parse_cli_opts(args if args is not None
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2897, in _parse_cli_opts
      return self._parse_config_files()
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 2914, in _parse_config_files
      ConfigParser._parse_file(config_file, namespace)
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 1604, in _parse_file
      parser.parse()
    File "/usr/lib/python3/dist-packages/oslo_config/cfg.py", line 1559, in parse
      return super(ConfigParser, self).parse(f.readlines())
    File "/usr/lib/python3.8/encodings/ascii.py", line 26, in decode
      return codecs.ascii_decode(input, self.errors)[0]
  UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)
  (keystone.server.flask.request_processing.middleware.auth_context): 2021-06-21 12:23:14,525 ERROR 'ascii' codec can't decode byte 0xd0 in position 94: ordinal not in range(128)

  Apparently, it's trying to read the domain config and something goes
  wrong at this step (as there's not even an authentication attempt
  being made).
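The failure in the traceback above can be reproduced outside Keystone. The following is an added illustration, not part of the bug report and not the fix that landed in the charm. It assumes the DN ends up in a `user` key under an `[ldap]` section of a rendered domain config file, and it opens the file with `encoding="ascii"` to stand in for a service whose locale makes ASCII the default text encoding; the file name is constructed.

```python
import os
import tempfile

# Constructed sample using the DN from the bug report. The [ldap] section
# and the "user" key are assumptions about the rendered domain config.
SAMPLE = (
    "[ldap]\n"
    "user = CN=openstack openstack,OU=Технологические пользователи,"
    "OU=Users,DC=corp,DC=com\n"
)

def write_sample(path):
    """Write the sample config as UTF-8, the way a template renderer would."""
    with open(path, "w", encoding="utf-8") as f:
        f.write(SAMPLE)

def read_lines(path, encoding):
    """Read the file the way a parser calling f.readlines() does."""
    with open(path, encoding=encoding) as f:
        return f.readlines()

def ascii_read_error(path):
    """Return the UnicodeDecodeError raised under an ASCII default, or None."""
    try:
        read_lines(path, "ascii")
    except UnicodeDecodeError as exc:
        return exc
    return None

def first_non_ascii(path):
    """Pre-flight check: (line number, file byte offset, byte value) or None."""
    with open(path, "rb") as f:
        data = f.read()
    for offset, byte in enumerate(data):
        if byte > 0x7F:
            return data.count(b"\n", 0, offset) + 1, offset, byte
    return None

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "keystone.example.conf")  # constructed name
        write_sample(path)
        print("ascii read :", ascii_read_error(path))
        print("first byte :", first_non_ascii(path))
        print("utf-8 read :", len(read_lines(path, "utf-8")), "lines")
```

Byte 0xd0 is the first byte of the UTF-8 encoding of "Т" (U+0422), the first Cyrillic letter in the DN, which is why the error names that byte; the position differs from the report's 94 because the sample file is shorter than a real domain config.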