Merge "Support bytes type in generate_public_ID()" into stable/ussuri

1 month ago · cbfaab84a8
--- a/keystone/identity/id_generators/sha256.py
+++ b/keystone/identity/id_generators/sha256.py
@ -13,7 +13,6 @@
 # under the License.

 import hashlib

 from keystone.identity import generator


@ -22,5 +21,12 @@ class Generator(generator.IDGenerator):
    def generate_public_ID(self, mapping):
        m = hashlib.sha256()
        for key in sorted(mapping.keys()):
            m.update(mapping[key].encode('utf-8'))
            # python-ldap >3.0 returns bytes data type for attribute values
            # except distinguished names, relative distinguished names,
            # attribute names, queries on python3.
            # Please see Bytes/text management in python-ldap module.
            if isinstance(mapping[key], bytes):
                m.update(mapping[key])
            else:
                m.update(mapping[key].encode('utf-8'))
        return m.hexdigest()
--- a/keystone/tests/unit/test_backend_id_mapping_sql.py
+++ b/keystone/tests/unit/test_backend_id_mapping_sql.py
@ -152,6 +152,23 @@ class SqlIDMapping(test_backend_sql.SqlTests):
        self.assertEqual(
            public_id, PROVIDERS.id_mapping_api.get_public_id(local_entity))

    def test_id_mapping_handles_bytes(self):
        initial_mappings = len(mapping_sql.list_id_mappings())
        local_id = b'FaKeID'
        local_entity = {'domain_id': self.domainA['id'],
                        'local_id': local_id,
                        'entity_type': mapping.EntityType.USER}

        # Check no mappings for the new local entity
        self.assertIsNone(PROVIDERS.id_mapping_api.get_public_id(local_entity))

        # Create the new mapping and then read it back
        public_id = PROVIDERS.id_mapping_api.create_id_mapping(local_entity)
        self.assertThat(mapping_sql.list_id_mappings(),
                        matchers.HasLength(initial_mappings + 1))
        self.assertEqual(
            public_id, PROVIDERS.id_mapping_api.get_public_id(local_entity))

    def test_delete_public_id_is_silent(self):
        # Test that deleting an invalid public key is silent
        PROVIDERS.id_mapping_api.delete_id_mapping(uuid.uuid4().hex)
--- a/releasenotes/notes/bug-1901654-69b9f35d11cd0c75.yaml
+++ b/releasenotes/notes/bug-1901654-69b9f35d11cd0c75.yaml
@ -0,0 +1,10 @@
 ---
 fixes:
  - |
    [`bug 1901654 <https://bugs.launchpad.net/keystone/+bug/1901654>`_]
    Previously, generate_public_ID() in sha256.py assumed the passed arguments is str data type.
    However, python-ldap 3.0 or later returns bytes data type for attribute values except fields
    of distinguished names, relative distinguished names, attribute names, queries.
    If keystone running on Python3 is integrated with LDAP and the LDAP server has local_id variable
    in its attribute, user login operations will fail due to the assumption and modifiation of python-ldap.
    By this fix, generate_public_ID() properly handles bytes data type in the parameter.