Ubuntu
keystone package

Object references not validated (returning 500 instead of 404)

Bug #963056 reported by Dolph Mathews
58
This bug affects 6 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Dolph Mathews
keystone (Ubuntu)
Fix Released
Medium
Dolph Mathews
Precise
Won't Fix
Undecided
Unassigned

Bug Description

User-specified object references are (with a few recent exceptions) not validated within keystone, resulting in a poor user experience.

This has resulted in:
 - keystone is storing bad data, resulting in subtle/difficult to debug issues
 - Requests returning 500 instead of 404 with useful user-feedback (exceptions vary by backend)
- Several bug reports, including bug 956414 and bug 956417

Given invalid references, all keystoneclient commands should cause keystone to return keystone.exception.NotFound (which the client knows how to handle) with a message indicating what type of reference failed and how it was referenced.

The purpose of this bug is to track this issue in a central location, rather than in numerous disparate bugs.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/5730

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/5734

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/5785

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/5786

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/5787

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/5788

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/5789

Dolph Mathews (dolph)
tags: added: essex-rc-potential
Dolph Mathews (dolph)
Changed in keystone:
milestone: none → keystone-essex-rc2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/5730
Committed: http://github.com/openstack/keystone/commit/19eb80bead361814a1955d0c0f12b17de5695dbe
Submitter: Jenkins
Branch: master

commit 19eb80bead361814a1955d0c0f12b17de5695dbe
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 09:10:59 2012 -0500

    role-crud 404 (bug 963056)

    role-get
    role-delete
    role-list

    Change-Id: I099b1e1e5bd2cd77a2ea3b72fb0f14b88a3af26e

Changed in keystone:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack)
Changed in keystone:
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/5734
Committed: http://github.com/openstack/keystone/commit/5c8dcd2f2f1a7645f93f39c3f5784920e2099998
Submitter: Jenkins
Branch: master

commit 5c8dcd2f2f1a7645f93f39c3f5784920e2099998
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 10:23:06 2012 -0500

    tenant-crud 404 (bug 963056)

    tenant-get
    tenant-update
    tenant-delete

    Change-Id: I9e67cea985f546c9ddf6ce6d82a11486099bd524

Changed in keystone:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack)
Changed in keystone:
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/5785
Committed: http://github.com/openstack/keystone/commit/16caf2083027eed84f042f7d2a97168e2f42a770
Submitter: Jenkins
Branch: master

commit 16caf2083027eed84f042f7d2a97168e2f42a770
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 10:46:16 2012 -0500

    user-crud 404 (bug 963056)

    user-create
    user-get
    user-list
    user-update
    user-update-password
    user-delete

    Change-Id: I7762aaaae9817ea7426039e4700e16b59e18cba1

Changed in keystone:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack)
Changed in keystone:
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/5786
Committed: http://github.com/openstack/keystone/commit/a0b8f5412b69316611b009099151995714eabff4
Submitter: Jenkins
Branch: master

commit a0b8f5412b69316611b009099151995714eabff4
Author: Dolph Mathews <email address hidden>
Date: Sun Mar 25 11:18:29 2012 -0500

    service-crud 404 (bug 963056)

    service-delete
    service-get

    Change-Id: Ifecf4c74abf408b009a783a9d7be0e98219e0fe4

Changed in keystone:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack)
Changed in keystone:
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/5789
Committed: http://github.com/openstack/keystone/commit/a9c6fb1d39f84f79f97333f59ef757cfd9dc8fd2
Submitter: Jenkins
Branch: master

commit a9c6fb1d39f84f79f97333f59ef757cfd9dc8fd2
Author: Dolph Mathews <email address hidden>
Date: Sun Mar 25 11:40:44 2012 -0700

    ec2-credential-crud 404 (bug 963056)

    ec2-credential-create
    ec2-credential-delete
    ec2-credential-get
    ec2-credential-list

    Change-Id: If8bfb77017f55c24738baf18b937c78b179831e5

Changed in keystone:
status: In Progress → Fix Committed
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/5788
Committed: http://github.com/openstack/keystone/commit/9e4fe654ed3f2fa4040ccbcd0ccc003f56f9bce2
Submitter: Jenkins
Branch: master

commit 9e4fe654ed3f2fa4040ccbcd0ccc003f56f9bce2
Author: Dolph Mathews <email address hidden>
Date: Sun Mar 25 12:03:26 2012 -0500

    user-role-crud 404 (bug 963056)

    user-role-add
    user-role-remove

    Change-Id: I1b3cd019d0d110b01ed175822cdd6c9ddb486412

Changed in keystone:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack)
Changed in keystone:
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/5787
Committed: http://github.com/openstack/keystone/commit/9cf91c951ed74e245693ca1f1b3df8965484dc94
Submitter: Jenkins
Branch: master

commit 9cf91c951ed74e245693ca1f1b3df8965484dc94
Author: Dolph Mathews <email address hidden>
Date: Sun Mar 25 11:32:08 2012 -0500

    endpoint-crud 404 (bug 963056)

    endpoint-create
    endpoint-delete

    Change-Id: I70ae14ca385a0ed2d3438b8dc2f7ba93b91f400b

Changed in keystone:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/5919

Changed in keystone:
status: Fix Committed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/5920

Thierry Carrez (ttx)
tags: removed: essex-rc-potential
Dolph Mathews (dolph)
Changed in keystone:
status: In Progress → Triaged
status: Triaged → Fix Committed
Revision history for this message
Thierry Carrez (ttx) wrote :

5919 and 5920 will be linked to another (Folsom) bug

Revision history for this message
Dolph Mathews (dolph) wrote :

Continuing performance/efficiency-related work in bug 968519 for folsom

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/6151

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/6158

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (milestone-proposed)

Reviewed: https://review.openstack.org/6151
Committed: http://github.com/openstack/keystone/commit/b56e32645fa88cd21f4b5289cfb68d51fcbf740c
Submitter: Jenkins
Branch: milestone-proposed

commit b56e32645fa88cd21f4b5289cfb68d51fcbf740c
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 09:10:59 2012 -0500

    role-crud 404 (bug 963056)

    role-get
    role-delete
    role-list

    Change-Id: I099b1e1e5bd2cd77a2ea3b72fb0f14b88a3af26e

Changed in keystone:
status: Fix Committed → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote :

6 more to go :)

Changed in keystone:
status: Fix Released → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/6158
Committed: http://github.com/openstack/keystone/commit/d9959d85a759b4acdff52c25f20a9462d66b185d
Submitter: Jenkins
Branch: milestone-proposed

commit d9959d85a759b4acdff52c25f20a9462d66b185d
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 10:23:06 2012 -0500

    tenant-crud 404 (bug 963056)

    tenant-get
    tenant-update
    tenant-delete

    Change-Id: I9e67cea985f546c9ddf6ce6d82a11486099bd524

Changed in keystone:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/6160

Revision history for this message
Thierry Carrez (ttx) wrote :

5 to go. Will do them in one squashed commit.

Changed in keystone:
status: Fix Released → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (milestone-proposed)

Reviewed: https://review.openstack.org/6160
Committed: http://github.com/openstack/keystone/commit/b1336b0a3921621741ff8ba2adbc44113357e175
Submitter: Jenkins
Branch: milestone-proposed

commit b1336b0a3921621741ff8ba2adbc44113357e175
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 10:46:16 2012 -0500

    Validate object refs (return 404 instead of 500)

    Combined fix for bug 963056:
    user-crud 404
    service-crud 404
    ec2-credential-crud 404
    user-role-crud 404
    endpoint-crud 404

    Change-Id: I7762aaaae9817ea7426039e4700e16b59e18cba1

Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: essex-rc2 → 2012.1
Chuck Short (zulcss)
affects: keystone → ubuntu
Changed in ubuntu:
milestone: 2012.1 → none
affects: ubuntu → keystone (Ubuntu)
Joseph Heck (heckj)
Changed in keystone:
status: New → Fix Released
status: Fix Released → Confirmed
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in keystone (Ubuntu Precise):
status: New → Confirmed
Dolph Mathews (dolph)
Changed in keystone:
assignee: nobody → Dolph Mathews (dolph)
Revision history for this message
Dolph Mathews (dolph) wrote :

This was fixed in keystone in the above series of changes, and continued / further improved in bug 968519.

Changed in keystone:
status: Confirmed → Fix Committed
Dolph Mathews (dolph)
Changed in keystone:
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in keystone (Ubuntu Precise):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.