Bug 970733
Summary: | Keystone API v3 project creation does not validates domain_id | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Pavel Sedlák <psedlak> |
Component: | openstack-keystone | Assignee: | Adam Young <ayoung> |
Status: | CLOSED ERRATA | QA Contact: | Jeremy Agee <jagee> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.0 | CC: | ayoung, jagee, jkt, kbanerje, mlopes |
Target Milestone: | rc | ||
Target Release: | 4.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openstack-keystone-2013.2-2.el6ost | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-12-20 00:04:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Pavel Sedlák
2013-06-04 17:59:07 UTC
Reproduced upstream. Problem is a little different than reported: Since the backend is SQL, it complains of a foreign key constraint. {"error": {"message": "Conflict occurred attempting to store project. (1452, 'Cannot add or update a child row: a foreign key constraint fails (`keystone`.`project`, CONSTRAINT `project_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domain` (`id`))')", "code": 409, "title": "Conflict"}}(.venv) What the origianl reporter saw was likely due to running against the KVS backend which did not check the constraint. This was included in Havana GA https://github.com/openstack/keystone/commit/e692eeadb9d8ae5f4797bcd28d597ee314ea8dff Tested with: openstack-keystone-2013.2-3.el6ost.noarch Confirmed when sql backend was in use the same error as mentioned in c#2 curl -X POST http://localhost:5000/v3/projects -H "content-type: application/json" -H "X-Auth-Token:$TEST_TOKEN" --data '{"project": {"domain_id":"invalid-domain", "name":"projectX", "enabled":true}}' {"error": {"message": "Conflict occurred attempting to store project. (1452, 'Cannot add or update a child row: a foreign key constraint fails (`keystone`.`project`, CONSTRAINT `project_ibfk_1` FOREIGN KEY (`domain_id`) REFERENCES `domain` (`id`))')", "code": 409, "title": "Conflict"}} Tested with kvs: /etc/keystone/keystone.conf [assignment] driver = keystone.assignment.backends.kvs.Assignment service openstack-keystone stop openstack-db --drop --service keystone openstack-db --init --service keystone service openstack-keystone start No domains exist: curl -X GET http://localhost:5000/v3/domains -H "content-type: application/json" -H "X-Auth-Token:ADMIN" {"domains": [], "links": {"self": "http://localhost:5000/v3/domains", "previous": null, "next": null}} Tested reported post request and got response: curl -X POST http://localhost:5000/v3/projects -H "content-type: application/json" -H "X-Auth-Token:ADMIN" --data '{"project": {"domain_id":"invalid-domain", "name":"projectX", "enabled":true}}' {"project": {"id": "20e03925290544158aeb363374954abe", "enabled": true, "domain_id": "invalid-domain", "links": {"self": "http://localhost:5000/v3/projects/20e03925290544158aeb363374954abe"}, "name": "projectX"}} Checked and it was saved to kvs: curl -X GET http://localhost:5000/v3/projects -H "content-type: application/json" -H "X-Auth-Token:ADMIN" {"links": {"self": "http://localhost:5000/v3/projects", "previous": null, "next": null}, "projects": [{"domain_id": "invalid-domain", "enabled": true, "id": "ba66b34455eb4b47a2efbf676c5577bc", "links": {"self": "http://localhost:5000/v3/projects/ba66b34455eb4b47a2efbf676c5577bc"}, "name": "projectX"}]} Do we still classify this as expected behavior? Posting without "domain_id" will set it to the expected "default" value. this is expected behaviour, to allow v2 and v3 API interoperability. making as verified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1859.html |