OpenStack Identity (keystone)

V3 list users filter by email address throws exception

Bug #1306835 reported by Haneef Ali
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Juan Antonio Osorio Robles
OpenStack Identity (keystone) 2014.2 "juno"
Icehouse
Fix Released
Medium
Unassigned
OpenStack Identity (keystone) 2014.1.3
openstack-manuals
Fix Released
Medium
Brant Knudson
openstack-manuals juno

Bug Description

V3 list_user filter by email throws excpetion. There is no such attribute email.

keystone.common.wsgi): 2014-04-11 23:09:00,422 ERROR type object 'User' has no attribute 'email'
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 206, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 183, in wrapper
    return f(self, context, filters, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystone/identity/controllers.py", line 284, in list_users
    hints=hints)
  File "/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 52, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 189, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 328, in list_users
    ref_list = driver.list_users(hints or driver_hints.Hints())
  File "/usr/lib/python2.7/dist-packages/keystone/common/sql/core.py", line 227, in wrapper
    return f(self, hints, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/sql.py", line 132, in list_users
    user_refs = sql.filter_limit_query(User, query, hints)
  File "/usr/lib/python2.7/dist-packages/keystone/common/sql/core.py", line 374, in filter_limit_query
    query = _filter(model, query, hints)
  File "/usr/lib/python2.7/dist-packages/keystone/common/sql/core.py", line 326, in _filter
    filter_dict = exact_filter(model, filter_, filter_dict, hints)
  File "/usr/lib/python2.7/dist-packages/keystone/common/sql/core.py", line 312, in exact_filter
    if isinstance(getattr(model, key).property.columns[0].type,
AttributeError: type object 'User' has no attribute 'email'

Revision history for this message
Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

I will take a look into it

Changed in keystone:
assignee: nobody → Juan Antonio Osorio Robles (juan-osorio-robles)
Dolph Mathews (dolph)
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

Well, for sql there seems to be no email column whatsoever (which is strange since in the ldap backend it exists), now, I added the column for it, but it seems that if in ldap you don't specify an email, or that email is null (None), there will be no email saved, and thus, the listing of users without email will not contain this attribute. So, the fixing of this issue in the SQL backend will break ldap unit tests. Should I file a separate bug regarding this for ldap? I could also work on it.

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
Openstack Gerrit (openstack-gerrit) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/90296

Revision history for this message
Openstack Gerrit (openstack-gerrit) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/90296
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=75cca803739a5b4ef197666589582802c7391e17
Submitter: Jenkins
Branch: master

commit 75cca803739a5b4ef197666589582802c7391e17
Author: Juan Antonio Osorio <email address hidden>
Date: Fri Apr 25 09:56:11 2014 +0300

    No longer allow listing users by email

    As specified in the bug description, the listing of users by using the
    email attribute as a filter would cause an exception. This is because
    the email is not a first class attribute, yet it was considered so in
    the filters. Thus, this fix will prevent the exception while also
    preventing the filtering by email.

    Change-Id: Ibf4b51a91c1e47e8197af49855307460559a7fc9
    Closes-Bug: #1306835

Changed in keystone:
status: In Progress → Fix Committed
Revision history for this message
David Stanek (dstanek) wrote :

The email address is not a first class attribute on a user. If provided when creating or updating a user the email is stored in the 'extra' JSON dictionary. Filtering by email was broken because it was not designed to look into 'extra' to satisfy filters.

In IRC it was decided that Keystone really doesn't have a specific use for email address so it should remain in 'extra'. Additionally it was decided that since the attribute is not first class that we would remove the ability to filter on it. Since the functionality was broken, removing it would not break any existing deployments.

Thierry Carrez (ttx)
Changed in keystone:
milestone: none → juno-1
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/115079

Brant Knudson (blk-u)
tags: added: icehouse-backport-potential
Revision history for this message
Durgadas Kamath (kamathd) wrote :

Also, help to remove the mention of "email" from the documentation
http://developer.openstack.org/api-ref-guides/bk-api-ref-identity-v3.pdf

Section 1.7.2. List users - GET /v3/users{?domain_id,email,name,enabled,page,per_page}

Revision history for this message
Brant Knudson (blk-u) wrote :

Fix to docs proposed https://review.openstack.org/115330

Changed in openstack-manuals:
status: New → In Progress
assignee: nobody → Brant Knudson (blk-u)
Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

cross posting my comment from the stable backport:

Are we seeing consistent reports on this? With the docs fixed does this really make sense to backport as it is fixed going forward with master.

It is a minor change, but could also just be fixed moving forward. It doesn't impact security, and with documents updated the user experience while improved should probably not be hit often unless a client-lib is making a call for filter on email.

Revision history for this message
Brant Knudson (blk-u) wrote :

I've only heard one complaint about this.

Having the fix in Juno doesn't help the person that complained about this. They're not going to be switching to Juno since Juno hasn't even been released yet, and when it is, it's not like they can just update their product to it.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/icehouse)

Reviewed: https://review.openstack.org/115079
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c48ec389fd2e4efc5e35b16735bf5a250db6b0cf
Submitter: Jenkins
Branch: stable/icehouse

commit c48ec389fd2e4efc5e35b16735bf5a250db6b0cf
Author: Juan Antonio Osorio <email address hidden>
Date: Fri Apr 25 09:56:11 2014 +0300

    No longer allow listing users by email

    As specified in the bug description, the listing of users by using the
    email attribute as a filter would cause an exception. This is because
    the email is not a first class attribute, yet it was considered so in
    the filters. Thus, this fix will prevent the exception while also
    preventing the filtering by email.

    Change-Id: Ibf4b51a91c1e47e8197af49855307460559a7fc9
    Closes-Bug: #1306835
    (cherry picked from commit 75cca803739a5b4ef197666589582802c7391e17)

tags: added: in-stable-icehouse
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/121711

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Ryan Hsu (<email address hidden>) on branch: master
Review: https://review.openstack.org/121711
Reason: Testing

Thierry Carrez (ttx)
Changed in keystone:
milestone: juno-1 → 2014.2
Tom Fifield (fifieldt)
Changed in openstack-manuals:
status: In Progress → Fix Released
milestone: none → juno
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.