First Last Prev Next    This bug is not in your last search results.
Bug 56588 - Python2 incompatible template /etc/simplesamlphp/00authsources.php
Python2 incompatible template /etc/simplesamlphp/00authsources.php
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SAML
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-5-errata
Assigned To: Florian Best
Nikola Radovanovic
https://git.knut.univention.de/univen...
:
Depends on: 56074
Blocks: 56647
  Show dependency treegraph
 
Reported: 2023-09-14 11:28 CEST by Erik Damrose
Modified: 2023-09-25 09:23 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Regression
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Damrose univentionstaff 2023-09-14 11:28:12 CEST 
Bug #56074 introduced a Python 2 incompatibility which broke a very important customers whole SAML config, as they were still setting UCR variables for SAML in a Python 2 process.

This patch will restore Python 2 compatibility:

diff --git saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php
index dcec19737b..2c81ca07bd 100644
--- saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php
+++ saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php
@@ -79,7 +79,7 @@ print(
         php_string("uid=sys-idp-user,cn=users,%s" % base),
         php_string(password),
         php_string(base),
-    ),
+    )
 )
 @!@
     // LDAP authentication source.

+++ This bug was initially created as a clone of Bug #56074 +++
Comment 1 Erik Damrose univentionstaff 2023-09-14 11:30:14 CEST 
Why did the test test/ucs-test/tests/03_ucr/37check-ucr-templates-py3-migration-status.py did not catch this problem? Its in the ignorelist. But why did we put it there, how can we avoid such a problem in the future.
Comment 2 Florian Best univentionstaff 2023-09-14 11:39:43 CEST 
(In reply to Erik Damrose from comment #1)
> Why did the test
> test/ucs-test/tests/03_ucr/37check-ucr-templates-py3-migration-status.py did
> not catch this problem? Its in the ignorelist. But why did we put it there,
> how can we avoid such a problem in the future.
We put this onto the ignore list as the output is not idempotent: the search attributes weren't sorted and the list/dict sorting differs in Py2/Py3.
Easy fix. I will provide a MR.
Comment 5 Florian Best univentionstaff 2023-09-19 09:30:08 CEST 
The UCR template has been adjusted to be Py2 compatible and its output is now idempotent.
Therefore 03_ucr/37check-ucr-templates-py3-migration-status.py will check it again.

univention-saml.yaml
e34377d0a733 | Bug #56588: restore Python 2.7 compatibility in UCR template

univention-saml (7.0.8-8)
e34377d0a733 | Bug #56588: restore Python 2.7 compatibility in UCR template

ucs-test (10.0.19-5)
e34377d0a733 | Bug #56588: restore Python 2.7 compatibility in UCR template
Comment 6 Nikola Radovanovic univentionstaff 2023-09-19 09:37:24 CEST 
QA:
YAML: OK
package build: OK
run UCR tests: OK
First Last Prev Next    This bug is not in your last search results.