Merge "Support bytes type in generate_public_ID()" into stable/ussuri

This commit is contained in:
Zuul 2021-03-11 06:42:30 +00:00 committed by Gerrit Code Review
commit cbfaab84a8
3 changed files with 35 additions and 2 deletions

View File

@ -13,7 +13,6 @@
# under the License.
import hashlib
from keystone.identity import generator
@ -22,5 +21,12 @@ class Generator(generator.IDGenerator):
def generate_public_ID(self, mapping):
m = hashlib.sha256()
for key in sorted(mapping.keys()):
# python-ldap >3.0 returns bytes data type for attribute values
# except distinguished names, relative distinguished names,
# attribute names, queries on python3.
# Please see Bytes/text management in python-ldap module.
if isinstance(mapping[key], bytes):
m.update(mapping[key])
else:
m.update(mapping[key].encode('utf-8'))
return m.hexdigest()

View File

@ -152,6 +152,23 @@ class SqlIDMapping(test_backend_sql.SqlTests):
self.assertEqual(
public_id, PROVIDERS.id_mapping_api.get_public_id(local_entity))
def test_id_mapping_handles_bytes(self):
initial_mappings = len(mapping_sql.list_id_mappings())
local_id = b'FaKeID'
local_entity = {'domain_id': self.domainA['id'],
'local_id': local_id,
'entity_type': mapping.EntityType.USER}
# Check no mappings for the new local entity
self.assertIsNone(PROVIDERS.id_mapping_api.get_public_id(local_entity))
# Create the new mapping and then read it back
public_id = PROVIDERS.id_mapping_api.create_id_mapping(local_entity)
self.assertThat(mapping_sql.list_id_mappings(),
matchers.HasLength(initial_mappings + 1))
self.assertEqual(
public_id, PROVIDERS.id_mapping_api.get_public_id(local_entity))
def test_delete_public_id_is_silent(self):
# Test that deleting an invalid public key is silent
PROVIDERS.id_mapping_api.delete_id_mapping(uuid.uuid4().hex)

View File

@ -0,0 +1,10 @@
---
fixes:
- |
[`bug 1901654 <https://bugs.launchpad.net/keystone/+bug/1901654>`_]
Previously, generate_public_ID() in sha256.py assumed the passed arguments is str data type.
However, python-ldap 3.0 or later returns bytes data type for attribute values except fields
of distinguished names, relative distinguished names, attribute names, queries.
If keystone running on Python3 is integrated with LDAP and the LDAP server has local_id variable
in its attribute, user login operations will fail due to the assumption and modifiation of python-ldap.
By this fix, generate_public_ID() properly handles bytes data type in the parameter.