author | Keigo Noha <knoha@redhat.com> | 2020-10-27 15:07:53 +0900 |
---|---|---|
committer | Keigo Noha <knoha@redhat.com> | 2021-03-01 08:41:08 +0000 |
commit | f4819fe36f087b2f652dc68fd33880860570f8d9 (patch) | |
tree | 5bfba784b63405ec5d088f62dba6ad06f6cb94ec | |
parent | 5a7ebf53bc797524ea90400bbea5bcd75f82ddd9 (diff) | |
Support bytes type in generate_public_ID()
python-ldap 3.0 or later running on Python 3 returns str or bytes
depending on which fields are returned.
local_id may be a bytes data type.
To handle it properly, mapping[key] needs to be examined for
identifying its data type and what python version is used.
Closes-Bug: #1901654
Change-Id: Iac097235fd31e166028c169d14ec0937c663c21c
(cherry picked from commit f7df9fba828328d8b20e85d711c1d27c77089632)
(cherry picked from commit 5b860e0b3b4e318b91325996156bae3f99abd6c7)
-rw-r--r-- | keystone/identity/id_generators/sha256.py | 10 | ||||
-rw-r--r-- | keystone/tests/unit/test_backend_id_mapping_sql.py | 17 | ||||
-rw-r--r-- | releasenotes/notes/bug-1901654-69b9f35d11cd0c75.yaml | 10 |
3 files changed, 35 insertions, 2 deletions
diff --git a/keystone/identity/id_generators/sha256.py b/keystone/identity/id_generators/sha256.py
index d0f4a57ad..dde9c2dd0 100644
--- a/keystone/identity/id_generators/sha256.py
+++ b/keystone/identity/id_generators/sha256.py
@@ -13,7 +13,6 @@
 # under the License.
 import hashlib
-
 from keystone.identity import generator
@@ -22,5 +21,12 @@ class Generator(generator.IDGenerator):
 def generate_public_ID(self, mapping):
 m = hashlib.sha256()
 for key in sorted(mapping.keys()):
- m.update(mapping[key].encode('utf-8'))
+ # python-ldap >3.0 returns bytes data type for attribute values
+ # except distinguished names, relative distinguished names,
+ # attribute names, queries on python3.
+ # Please see Bytes/text management in python-ldap module.
+ if isinstance(mapping[key], bytes):
+ m.update(mapping[key])
+ else:
+ m.update(mapping[key].encode('utf-8'))
 return m.hexdigest()
diff --git a/keystone/tests/unit/test_backend_id_mapping_sql.py b/keystone/tests/unit/test_backend_id_mapping_sql.py
index e5aa878cd..baee34e99 100644
--- a/keystone/tests/unit/test_backend_id_mapping_sql.py
+++ b/keystone/tests/unit/test_backend_id_mapping_sql.py
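Review bot: In `generate_public_ID` the new `isinstance(mapping[key], bytes)` branch hashes raw bytes, but the `else` branch still assumes `str`, so any other value type keeps failing with an AttributeError from `.encode`; the comment should also say `>= 3.0` to match the commit message rather than `>3.0`. Binding the value once reads better and avoids three lookups: `value = mapping[key]` followed by `m.update(value if isinstance(value, bytes) else value.encode('utf-8'))`. A bytes value and its UTF-8 `str` form hash to the same public ID, which presumably is what keeps existing ID mappings stable once the LDAP driver returns bytes; that property deserves a line in the comment, e.g. `# bytes and their UTF-8 str form must hash identically so public IDs stay stable`. The values are also concatenated with no delimiter between fields, which predates this change but is worth confirming now that raw attribute bytes reach the digest.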
@@ -152,6 +152,23 @@ class SqlIDMapping(test_backend_sql.SqlTests):
 self.assertEqual(
 public_id, PROVIDERS.id_mapping_api.get_public_id(local_entity))
+ def test_id_mapping_handles_bytes(self):
+ initial_mappings = len(mapping_sql.list_id_mappings())
+ local_id = b'FaKeID'
+ local_entity = {'domain_id': self.domainA['id'],
+ 'local_id': local_id,
+ 'entity_type': mapping.EntityType.USER}
+
+ # Check no mappings for the new local entity
+ self.assertIsNone(PROVIDERS.id_mapping_api.get_public_id(local_entity))
+
+ # Create the new mapping and then read it back
+ public_id = PROVIDERS.id_mapping_api.create_id_mapping(local_entity)
+ self.assertThat(mapping_sql.list_id_mappings(),
+ matchers.HasLength(initial_mappings + 1))
+ self.assertEqual(
+ public_id, PROVIDERS.id_mapping_api.get_public_id(local_entity))
+
 def test_delete_public_id_is_silent(self):
 # Test that deleting an invalid public key is silent
 PROVIDERS.id_mapping_api.delete_id_mapping(uuid.uuid4().hex)
diff --git a/releasenotes/notes/bug-1901654-69b9f35d11cd0c75.yaml b/releasenotes/notes/bug-1901654-69b9f35d11cd0c75.yaml
new file mode 100644
index 000000000..0537bb837
--- /dev/null
+++ b/releasenotes/notes/bug-1901654-69b9f35d11cd0c75.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+ - |
+ [`bug 1901654 <https://bugs.launchpad.net/keystone/+bug/1901654>`_]
+ Previously, generate_public_ID() in sha256.py assumed the passed arguments is str data type.
+ However, python-ldap 3.0 or later returns bytes data type for attribute values except fields
+ of distinguished names, relative distinguished names, attribute names, queries.
+ If keystone running on Python3 is integrated with LDAP and the LDAP server has local_id variable
+ in its attribute, user login operations will fail due to the assumption and modifiation of python-ldap.
+ By this fix, generate_public_ID() properly handles bytes data type in the parameter. |
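Review bot: `test_id_mapping_handles_bytes` only proves a round trip for `b'FaKeID'`; it never checks that the bytes form and the `str` form `'FaKeID'` resolve to the same public ID, which is the property that prevents one LDAP user from ending up with two identities across a driver upgrade. I would add an assertion comparing the generated ID for both forms, and a case with bytes that are not valid UTF-8 (a constructed value such as `b'\xff\xfeID'`), since those now reach the digest and whatever stores `local_id`. The enclosing class `SqlIDMapping` starts outside this hunk, so how the SQL backend persists a bytes `local_id` cannot be judged from here.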