OpenStack Identity (keystone)

federation mapping debug has useless direct_maps information

Bug #1841486 reported by John Dennis on 2019-08-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	Colleen Murphy	OpenStack Identity (keystone) train-rc1

Bug Description

If you use keystone-manage mapping_engine --engine-debug to test your rules (or when debug logging is on during run time) the diagnostic output fails to emit a piece of crucial information, the contents direct map array. What you'll get instead is this:

direct_maps: <keystone.federation.utils.DirectMaps object at 0x7f7121887b00>

That's because the DirectMaps class does not have a __str__() method and Python resorts to __ref__() in the absence of __str__() and all __ref__() does is print the class name and it's memory location, not very useful.

If DirectMaps had a __str__() function like this:

def __str__(self):
return '%s' % self._matches

the debug output would include the actual direct map data like this:

direct_maps: [['<email address hidden>'], ['Group1', 'Group3']]

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-08-26: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/678700

Changed in keystone:
assignee:	nobody → John Dennis (jdennis-a)
status:	New → In Progress

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2019-08-28:

I was able to confirm this using the following data:

$ cat input
NAME: lbragstad
EMAIL: <email address hidden>
GROUPS: development
$ cat mapping.json
{
"rules": [
        {
            "local": [
                {
                    "user": {
                        "name": "{0}",
                        "email": "{1}"
                    },
                    "group": {
                        "name": "{2}",
                        "domain": {
                            "id": "default"
                        }
                    }
                }
            ],
            "remote": [
                {
                    "type": "NAME"
                },
                {
                    "type": "EMAIL"
                },
                {
                    "type": "GROUPS"
                }
            ]
        }
]
}

Debug logging https://pasted.tech/pastes/3804094968c6aae429bd43da60efbe9fa7d6272c.raw when running:

$ keystone-manage mapping_engine --rules mapping.json --input input --engine-debug

tags:	added: user-experience
Changed in keystone:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-08-28:

Fix proposed to branch: master
Review: https://review.opendev.org/679139

Changed in keystone:
assignee:	John Dennis (jdennis-a) → Lance Bragstad (lbragstad)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-03: Change abandoned on keystone (master)

Change abandoned by Lance Bragstad (<email address hidden>) on branch: master
Review: https://review.opendev.org/679139
Reason: Rolled this into https://review.opendev.org/#/c/678700/4

Colleen Murphy (krinkle) on 2019-09-17

Changed in keystone:
milestone:	none → train-rc1

OpenStack Infra (hudson-openstack) on 2019-09-19

Changed in keystone:
assignee:	Lance Bragstad (lbragstad) → Colleen Murphy (krinkle)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-20: Fix merged to keystone (master)

Reviewed: https://review.opendev.org/678700
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=b33abb4b070d72c16af914e4292adb205bdee5fa
Submitter: Zuul
Branch: master

commit b33abb4b070d72c16af914e4292adb205bdee5fa
Author: John Dennis <email address hidden>
Date: Mon Aug 26 19:32:22 2019 -0400

Federation mapping debug should show direct_maps values

    If you use keystone-manage mapping_engine --engine-debug to test your
    rules (or when debug logging is on during run time) the diagnostic
    output fails to emit a piece of crucial information, the contents
    direct map array. What you'll get instead is this:

direct_maps: <keystone.federation.utils.DirectMaps object at 0x7f7121887b00>

    That's because the DirectMaps class does not have a __str__() method
    and Python resorts to __ref__() in the absence of __str__() and all
    __ref__() does is print the class name and it's memory location, not
    very useful.

This patch adds a __str__() method to the DirectMaps class so the
debug output now includes the actual direct map data like this:

direct_maps: [['<email address hidden>'], ['Group1', 'Group3']]

    Co-Authored-By: Lance Bragstad <email address hidden>
    Change-Id: I07643fbe3e1e712b7eac716a7f671a2d513e920b
    Closes-Bug: 1841486
    Signed-off-by: John Dennis <email address hidden>

Changed in keystone:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-27: Fix included in openstack/keystone 16.0.0.0rc1

This issue was fixed in the openstack/keystone 16.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.