Credential list API returns list of available credentials when user passes invalid name as query parameter

Bug #1693498 reported by Pooja Jadhav
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: In Progress
Importance: Wishlist
Assigned to: Vishakha Agarwal
Milestone:

Bug Description

In the credential list API, when the user passes the query parameter name with an invalid value, it returns the list of all available credentials.

Steps to reproduce:

1. Curl Command
curl -g -i -X GET "http://10.232.48.206/identity/v3/credentials?name=2dba5076c6f14c2ea6bf691e7d0ba71534333333" -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: fddae55403c247a1bb1ddc6751424c63"

2. Response
HTTP/1.1 200 OK
Date: Thu, 25 May 2017 11:40:57 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 410
x-openstack-request-id: req-4cfb95d7-6424-4151-819b-37d195e20b43
Connection: close

3. Output
{"credentials": [{"user_id": "8c3b0c35d48142b3a1b5078bb7abd203", "links": {"self": "http://10.232.48.206/identity/v3/credentials/52c7d4b344174e92b83a35e5cf873262"}, "blob": "test_data", "project_id": null, "type": "cert", "id": "52c7d4b344174e92b83a35e5cf873262"}], "links": {"self": "http://10.232.48.206/identity/v3/credentials?name=2dba5076c6f14c2ea6bf691e7d0ba71534333333", "previous": null, "next": null}}

In my opinion, to maintain consistency, the credential list API should return an empty list when an invalid query parameter is passed. The same issue is present for the policy API also.

master:
commit e171c7905556d372a236b227d4ef599ea3034920
Author: OpenStack Proposal Bot <email address hidden>
Date: Sat May 20 04:36:44 2017 +0000
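
The behaviour reported above, modelled as an added example (this is not keystone code and not part of the original report). It assumes the server silently drops query keys it does not recognise; `SUPPORTED_FILTERS`, the function names and the second sample record are hypothetical.

```python
# Added illustration; not keystone code. SUPPORTED_FILTERS is an assumed set of
# filterable attributes; "name" is not among them, as in the report.
SUPPORTED_FILTERS = {"user_id", "type"}

# Constructed sample data. The first record mirrors the response in the report,
# the second is invented so that "returns everything" is visible.
CREDENTIALS = [
    {"id": "52c7d4b344174e92b83a35e5cf873262",
     "user_id": "8c3b0c35d48142b3a1b5078bb7abd203",
     "type": "cert", "blob": "test_data", "project_id": None},
    {"id": "constructed-credential-id",
     "user_id": "constructed-user-id",
     "type": "ec2", "blob": "constructed_blob", "project_id": None},
]


def list_lenient(records, query):
    """Reported behaviour: unrecognised query keys are dropped before filtering,
    so a query made only of such keys matches every record."""
    filters = {k: v for k, v in query.items() if k in SUPPORTED_FILTERS}
    return [r for r in records
            if all(r.get(k) == v for k, v in filters.items())]


def list_strict(records, query):
    """Behaviour the reporter proposes: a filter the API cannot apply
    yields an empty list instead of the unfiltered collection."""
    if any(k not in SUPPORTED_FILTERS for k in query):
        return []
    return list_lenient(records, query)


def client_side_check(results, query):
    """Caller-side guard: keep only items that satisfy every filter that was
    requested, rather than trusting the server to have applied them."""
    return [r for r in results
            if all(r.get(k) == v for k, v in query.items())]


if __name__ == "__main__":
    q = {"name": "2dba5076c6f14c2ea6bf691e7d0ba71534333333"}
    print(len(list_lenient(CREDENTIALS, q)), "records from lenient listing")
    print(len(list_strict(CREDENTIALS, q)), "records from strict listing")
    print(len(client_side_check(list_lenient(CREDENTIALS, q), q)),
          "records after client-side re-filtering")
```

A caller that treats the filtered listing as authoritative (for example, "does a credential with this attribute exist?") gets a non-empty answer under the lenient behaviour, which is why re-checking the returned items on the client side is worthwhile while the API stays as it is.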

Changed in keystone:
assignee: nobody → Pooja Jadhav (poojajadhav)
Lance Bragstad (lbragstad) wrote :

The team had plans to deprecate the Credential and Policy APIs in the Pike release. Since that's the plan moving forward, I'm not sure it makes sense investing time into fixing the query parameter issues with those APIs.

Lance Bragstad (lbragstad) wrote :

This work is documented in etherpads from the PTG [0].

[0] https://etherpad.openstack.org/p/pike-ptg-keystone-deprecations

Changed in keystone:
status: New → In Progress
Pooja Jadhav (poojajadhav) wrote :

Hi all,

Though the credential and policy APIs get deprecated, the issue still remains for the (region, endpoint, domain) APIs, so IMO this needs to be fixed.

Lance Bragstad (lbragstad) wrote :

If there are other APIs that are affected by this behavior then we should include them in this bug report and make it a bit more general. That will make it easier to ensure keystone handles this case consistently across all APIs and not just a couple.

Lance Bragstad (lbragstad) wrote :

Automatically unassigning due to inactivity.

Changed in keystone:
assignee: Pooja Jadhav (poojajadhav) → nobody
Changed in keystone:
assignee: nobody → Vishakha Agarwal (vishakha.agarwal)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/742715

Colleen Murphy (krinkle) wrote :

This is valid but we can't fix it without breaking the API, see context here https://bugs.launchpad.net/keystone/+bug/1654084/comments/7

Marking this as "wishlist" priority.

tags: added: fix-requires-microversion
Changed in keystone:
importance: Undecided → Wishlist
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Vishakha Agarwal (<email address hidden>) on branch: master
Review: https://review.opendev.org/742715
Reason: It requires a microversion in order to change the API.
