Bug 878229 - glance member-add doesn't validate input
glance member-add doesn't validate input
Status: CLOSED NOTABUG
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-glance (Show other bugs)
1.0 (Essex)
All Linux
low Severity low
: beta
: 3.0
Assigned To: Flavio Percoco
Attila Fazekas
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-11-19 16:44 EST by Dan Yocum
Modified: 2016-04-26 22:40 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-05-06 12:12:44 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1080864 None None None Never

  None (edit)
Description Dan Yocum 2012-11-19 16:44:46 EST
Description of problem:
In ESSEX it is possible to enter invalid data in the glance database when adding members to images.

Version-Release number of selected component (if applicable):

Essex

How reproducible:

Every

Steps to Reproduce:
1.glance member-add foo

2.
3.
  
Actual results:

member-foo added to database even though neither project nor user 'foo' exists

Expected results:

member 'foo' not added to database

Additional info:

I've also opened this bug upstream: 
https://bugs.launchpad.net/keystone/+bug/1080864
Comment 2 Mark McLoughlin 2012-12-07 04:41:29 EST
Thanks Dan. This is good feedback and is being taken on-board upstream

I'd suggest closing this as UPSTREAM - this will be fixed in RHOS when we rebase to an upstream version which fixes it. We're unlikely to fix in RHOS before then, given that it's probably a fairly significant change.
Comment 5 Yaniv Kaul 2012-12-30 03:04:29 EST
For the record, still happens in Folsom (just that member-add was changed to member-create). One can add non-existent tenants to an image.
[root@ykaul-os-horizon ~(keystone_admin)]$ glance member-list --image-id a92439a6-5923-4ca8-98ae-ceabe3c164f6
+--------------------------------------+----------------------------------+-----------+
| Image ID                             | Member ID                        | Can Share |
+--------------------------------------+----------------------------------+-----------+
| a92439a6-5923-4ca8-98ae-ceabe3c164f6 | 32af8050fbc247fd9ab9b0dc67237fcc | True      |
+--------------------------------------+----------------------------------+-----------+

Now adding with a non-existent ID (similar to above, only with '1' at the end of the ID):

[root@ykaul-os-horizon ~(keystone_admin)]$ glance member-create a92439a6-5923-4ca8-98ae-ceabe3c164f6 32af8050fbc247fd9ab9b0dc67237fc1 --can-share
[root@ykaul-os-horizon ~(keystone_admin)]$ echo $?
0
[root@ykaul-os-horizon ~(keystone_admin)]$ glance member-list --image-id a92439a6-5923-4ca8-98ae-ceabe3c164f6
+--------------------------------------+----------------------------------+-----------+
| Image ID                             | Member ID                        | Can Share |
+--------------------------------------+----------------------------------+-----------+
| a92439a6-5923-4ca8-98ae-ceabe3c164f6 | 32af8050fbc247fd9ab9b0dc67237fc1 | True      |
| a92439a6-5923-4ca8-98ae-ceabe3c164f6 | 32af8050fbc247fd9ab9b0dc67237fcc | True      |
+--------------------------------------+----------------------------------+-----------+

openstack-glance-2012.2.1-1.el6ost.noarch
Comment 6 Flavio Percoco 2013-05-06 12:12:44 EDT
After some discussions upstream, this issue was closed as not a bug since this is the desired behavior. Glance doesn't check if the tenant is valid when adding a new member. 

Please, read the bug report linked in the external trackers for a more detailed information.

Note You need to log in before you can comment on or make changes to this bug.