878227 – keystone endpoint-create doesn't validate input

Bug 878227 - keystone endpoint-create doesn't validate input

Summary: keystone endpoint-create doesn't validate input

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-keystoneclient
Sub Component:
Version:	2.0 (Folsom)
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	5.0 (RHEL 7)
Assignee:	Alan Pevec
QA Contact:	Ami Jeain
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-11-19 21:42 UTC by Dan Yocum
Modified:	2016-04-26 19:11 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-01-28 22:06:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Dan Yocum 2012-11-19 21:42:44 UTC

Description of problem:
In ESSEX it is possible to break access to horizon (and probably other things) when attempting to manually create an invalid endpoint using 'keystone endpoint-create ...' with the wrong CLI options and possibly the wrong values passed to those options.

Version-Release number of selected component (if applicable):

Essex

How reproducible:

Every

Steps to Reproduce:
1.created an incompletely endpoint thusly (note: no publicurl, adminurl, and internalurl):

keystone endpoint-create --region RegionOne --service_id 6a0447de95554667
8dac94324c394956

2. Attempt to login via the horizon web UI
3.
  
Actual results:

Permission denied

Expected results:

Access granted

Additional info:

I've also opened this bug upstream: https://bugs.launchpad.net/keystone/+bug/1080862

Comment 3 RHEL Program Management 2012-11-20 09:37:43 UTC

Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

Comment 4 Dan Yocum 2012-11-20 16:01:03 UTC

If this is fixed in Folsom, that's ok with me.

Comment 5 Martin Magr 2012-12-18 13:45:14 UTC

Reopening since I did the same on Folsom:

[para@virtual-rhel-beta ~(keystone_admin)]$ keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |       Glance Image Service       |
|      id     | ac82850b67284a6f954dca3498a04bb4 |
|     name    |              glance              |
|     type    |              image               |
+-------------+----------------------------------+
[para@virtual-rhel-beta ~(keystone_admin)]$ keystone endpoint-create --service_id ac82850b67284a6f954dca3498a04bb4
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |                                  |
|      id     | 7d6cec22e05b4777b485464d36fa12e5 |
| internalurl |                                  |
|  publicurl  |                                  |
|    region   |            regionOne             |
|  service_id | ac82850b67284a6f954dca3498a04bb4 |
+-------------+----------------------------------+

[para@virtual-rhel-beta ~(keystone_admin)]$ rpm -qa *keystone
openstack-keystone-2012.2.1-1.el6ost.noarch
python-keystone-2012.2.1-1.el6ost.noarch

Comment 6 Alan Pevec 2012-12-18 14:21:49 UTC

(In reply to comment #5)
> Reopening since I did the same on Folsom:

But it doesn't "break access to horizon (and probably other things)" right?
Validation part is not critical, and would be inherited when fixed upstream.

Comment 7 Martin Magr 2013-04-29 08:11:24 UTC

No, it didn't break access to horizon. I agree that it's not critical.

Comment 8 Adam Young 2014-01-28 22:06:27 UTC

Upstream NACK means this will not be fixed.  

It is not possible to validate the Endpoint, as the endpoint might not be available at time of creation.

Note You need to log in before you can comment on or make changes to this bug.