OpenStack Identity (keystone)

Tenant can be created with name more than 64 characters in length

Bug #966249 reported by Unmesh Gurjar
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Undecided
Unmesh Gurjar
OpenStack Identity (keystone) 2012.2 "folsom"

Bug Description

Scenario: Using the Keystone Admin API, create a tenant with name more than 64 characters long.

Expected Result: API must return a 400 BadRequest error specifying the name length should not exceed 64 characters.

Actual Result: Tenant gets registered, but the name is truncated to 64 characters.

Branch: master

See original description
Tags: ntt
Unmesh Gurjar (unmesh-gurjar)
Changed in keystone:
assignee: nobody → Unmesh Gurjar (unmesh-gurjar)
description: updated
Revision history for this message
Dolph Mathews (dolph) wrote :

I assume this is dependent on the backend driver, and this issue probably only applies to SQL?

Revision history for this message
Joseph Heck (heckj) wrote :

Unmesh - could you reply with a note about what back-end you were using to be able reproduce this issue?

Also - perhaps a dummy question - why is a tenant with a name > 64 characters an issue or error?

Changed in keystone:
status: New → Incomplete
Revision history for this message
Unmesh Gurjar (unmesh-gurjar) wrote :

I reproduced this issue using the SQL backend (identity driver = keystone.identity.backends.sql.Identity).
Error should be returned on (creating a tenant with name more than 64 characters in length) because the value stored in database is truncated (also, the API user does not know about the value being truncated).
Current implementation will return a 409 Conflict, if the first 64 characters of two tenant names are same.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/6138

Changed in keystone:
status: Incomplete → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/6138
Committed: http://github.com/openstack/keystone/commit/b69dbc2f2748cf3261dce02057c60cdb7affd4ce
Submitter: Jenkins
Branch: master

commit b69dbc2f2748cf3261dce02057c60cdb7affd4ce
Author: Unmesh Gurjar <email address hidden>
Date: Tue Apr 3 11:45:22 2012 +0530

    Added tenant name validation. Fixes bug 966249.

    1. Verified name length while creating/updating tenant (for all backends).
    2. Disallowed blank tenant name in create/update.
    3. Added unit test coverage.

    Change-Id: Ied1e2707ba16e14d791308fb618ca18effa0245f

Changed in keystone:
status: In Progress → Fix Committed
Joseph Heck (heckj)
Changed in keystone:
milestone: none → folsom-1
Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: folsom-1 → 2012.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.