878229 – glance member-add doesn't validate input

Bug 878229 - glance member-add doesn't validate input

Summary: glance member-add doesn't validate input

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-glance
Sub Component:
Version:	1.0 (Essex)
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	beta
Target Release:	3.0
Assignee:	Flavio Percoco
QA Contact:	Attila Fazekas
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-11-19 21:44 UTC by Dan Yocum
Modified:	2016-04-27 02:40 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-05-06 16:12:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Launchpad	1080864	0	None	None	None	Never

Description Dan Yocum 2012-11-19 21:44:46 UTC

Description of problem:
In ESSEX it is possible to enter invalid data in the glance database when adding members to images.

Version-Release number of selected component (if applicable):

Essex

How reproducible:

Every

Steps to Reproduce:
1.glance member-add foo

2.
3.
  
Actual results:

member-foo added to database even though neither project nor user 'foo' exists

Expected results:

member 'foo' not added to database

Additional info:

I've also opened this bug upstream: 
https://bugs.launchpad.net/keystone/+bug/1080864

Comment 2 Mark McLoughlin 2012-12-07 09:41:29 UTC

Thanks Dan. This is good feedback and is being taken on-board upstream

I'd suggest closing this as UPSTREAM - this will be fixed in RHOS when we rebase to an upstream version which fixes it. We're unlikely to fix in RHOS before then, given that it's probably a fairly significant change.

Comment 5 Yaniv Kaul 2012-12-30 08:04:29 UTC

For the record, still happens in Folsom (just that member-add was changed to member-create). One can add non-existent tenants to an image.
[root@ykaul-os-horizon ~(keystone_admin)]$ glance member-list --image-id a92439a6-5923-4ca8-98ae-ceabe3c164f6
+--------------------------------------+----------------------------------+-----------+
| Image ID                             | Member ID                        | Can Share |
+--------------------------------------+----------------------------------+-----------+
| a92439a6-5923-4ca8-98ae-ceabe3c164f6 | 32af8050fbc247fd9ab9b0dc67237fcc | True      |
+--------------------------------------+----------------------------------+-----------+

Now adding with a non-existent ID (similar to above, only with '1' at the end of the ID):

[root@ykaul-os-horizon ~(keystone_admin)]$ glance member-create a92439a6-5923-4ca8-98ae-ceabe3c164f6 32af8050fbc247fd9ab9b0dc67237fc1 --can-share
[root@ykaul-os-horizon ~(keystone_admin)]$ echo $?
0
[root@ykaul-os-horizon ~(keystone_admin)]$ glance member-list --image-id a92439a6-5923-4ca8-98ae-ceabe3c164f6
+--------------------------------------+----------------------------------+-----------+
| Image ID                             | Member ID                        | Can Share |
+--------------------------------------+----------------------------------+-----------+
| a92439a6-5923-4ca8-98ae-ceabe3c164f6 | 32af8050fbc247fd9ab9b0dc67237fc1 | True      |
| a92439a6-5923-4ca8-98ae-ceabe3c164f6 | 32af8050fbc247fd9ab9b0dc67237fcc | True      |
+--------------------------------------+----------------------------------+-----------+

openstack-glance-2012.2.1-1.el6ost.noarch

Comment 6 Flavio Percoco 2013-05-06 16:12:44 UTC

After some discussions upstream, this issue was closed as not a bug since this is the desired behavior. Glance doesn't check if the tenant is valid when adding a new member. 

Please, read the bug report linked in the external trackers for a more detailed information.

Note You need to log in before you can comment on or make changes to this bug.