OpenStack Identity (keystone)

Invalid tokens obtained when tenantId/tenantName is missing/invalid

Bug #1006029 reported by Ding Deng
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Dolph Mathews
OpenStack Identity (keystone) 2012.2 "folsom"

Bug Description

When POSTing to /v2.0/tokens to obtain a token, tenantId and tenantName are both optional according to #855182. However, if we truly omit tenantId and tenantName, or supply invalid ones, we get invalid tokens.

Reproducible: always.
Version: 2012.1.

Revision history for this message
Dolph Mathews (dolph) wrote :

Omitting tenantId and tenantName produces "unscoped" tokens; this is an expected behavior.

However, supplying invalid tenant references should raise a 404. This behavior should be resolved by https://review.openstack.org/#/c/6875/

Changed in keystone:
assignee: nobody → Dolph Mathews (dolph)
Revision history for this message
Dolph Mathews (dolph) wrote :

Confirmed that the above patch fixes this issue.

Prior to applying patch: http://paste.openstack.org/raw/18233/

After applying patch: http://paste.openstack.org/raw/18234/

Note that a 401 is raised (not a 404), which is actually correct (my mistake).

Changed in keystone:
importance: Undecided → Low
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/6875
Committed: http://github.com/openstack/keystone/commit/23ca656927947dada40591bdd1badd5a531c2983
Submitter: Jenkins
Branch: master

commit 23ca656927947dada40591bdd1badd5a531c2983
Author: Dolph Mathews <email address hidden>
Date: Wed Mar 28 10:37:16 2012 -0700

    Refactor 404's into managers & drivers (bug 968519)

    The goal is to move the responsibility of reference checks away from
    controllers and into the underlying managers & drivers, which can
    handle the task with equal or greater efficiency.

    - Tenant references from create_user/update_user are NOT tested
      due to inconsistencies between backends
    - Additional test coverage improvements

    Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287,
    bug 1006334, and bug 1006344.

    Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → folsom-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: folsom-2 → 2012.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.