Bug 1416877 - A space character in LDAP url in hosts file converts to \_ in master-config.yaml
Summary: A space character in LDAP url in hosts file converts to \_ in master-config.yaml
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Russell Teague
QA Contact: Johnny Liu
Depends On:
TreeView+ depends on / blocked
Reported: 2017-01-26 16:57 UTC by Steven Walter
Modified: 2017-05-08 19:24 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-03-27 13:26:41 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Steven Walter 2017-01-26 16:57:44 UTC
Description of problem:
Customer set up authentication in the hosts file for LDAP. The url contains a space:

openshift_master_identity_providers=[{'name': 'ldap-provider','challenge': 'true','login': 'true','kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['cn'],'name': ['description'], 'preferredUsername': ['cn']},'insecure': 'false', 'bindDN': 'CN=ose3master.gen,OU=Generics,OU=Example Users,DC=stage, DC=example,DC=com','bindPassword': '********','ca': 'stacked.pem','url': 'ldap://staging.example.com:389/OU=Example Users,DC=stage,DC=example,DC=com?cn'}]

Note "Example Users" in bindDN and url. In master-config.yaml it converts to:

    name: ldap-provider
      kind: LDAPPasswordIdentityProvider
      url: "ldap://staging.example.com:389/OU=Example\_Users,DC=stage,DC=example,DC=com?cn"

It starts working again if you manually modify master-config.yaml with the space instead of the \_

Version-Release number of selected component (if applicable):
Customer has replicated issue on two versions:

How reproducible:
I was unable to reproduce in my lab environment -- unconfirmed

Additional Info:

I was looking at these code bits but can't find where it's making format change:


Comment 4 Russell Teague 2017-03-10 19:44:12 UTC
I have been unable to reproduce this bug in development environments.

Additionally, I noticed in the original problem description, the ldap url was show within double quotes.  I've not see this in the master-config.yaml either.

Test system details:

[root@ose3-master ~]# rpm -qa atomic\*

[root@ose3-master ~]# rpm -qa PyYAML

[root@ose3-master ~]# cat /etc/origin/master/master-config.yaml | grep url:
      url: ldap://staging.example.com:389/OU=Example Users,DC=stage,DC=example,DC=com?cn

I have also Ansible 2.1 and 2.2.

Please provide at package version listing for both the control host and the master.
Something like:
# rpm -qa | sort > installed-rpms.txt

Comment 5 Russell Teague 2017-03-14 14:49:49 UTC
Following up to see if the requested information can be provided or if this issue is no longer reproducible in the customer environment.

Comment 6 Steven Walter 2017-03-14 15:27:58 UTC
Checking with the customer. I was never able to replicate but customer had gotten it to happen consistently. I'll let you know results

Comment 9 Russell Teague 2017-03-21 19:43:56 UTC
I have been able to reproduce the behavior reported when using non-breaking spaces in the host file.  Please ensure your hosts file does not include non-breaking spaces.

To check:
# grep -P -n "\xA0" hosts

Any lines with non-breaking spaces will be listed.

To fix:
# sed -i.bak 's/\xC2\xA0/ /g' hosts

Any lines containing non-breaking spaces will be updated to have normal spaces.  A backup will be made of the original at hosts.bak.

Non-breaking spaces are generally artifacts from copy/paste or inadvertent key combinations when typing in editors.  YAML 1.1 spec states that non-breaking spaces are converted to "\_" during dumping.  This yaml.dump was occurring in the openshift_master translate_idps filter module.

Please let me know if this resolves your issue.

Comment 10 Steven Walter 2017-05-08 19:24:56 UTC
Created KCS with your solution for future customers to use https://access.redhat.com/solutions/3026781 -- thanks!

Note You need to log in before you can comment on or make changes to this bug.