v2 member-create call allows adding an empty tenantId as member
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Medium
|
Feilong Wang |
Bug Description
This happens with API calls only, the python-glanceclient does not allow it.
Note the request payload in this request:
curl -i -X POST -H "X-Auth-Token: $AUTH_TOKEN" \
> -H 'Content-Type: application/json' \
> -d '{ "member": "" }' \
> http://
Response:
HTTP/1.1 200 OK
Content-Length: 198
Content-Type: application/json; charset=UTF-8
X-Openstack-
Date: Thu, 26 Sep 2013 14:43:25 GMT
{"status": "pending", "created_at": "2013-09-
demo! curl -X GET -H "X-Auth-Token: $AUTH_TOKEN" -H 'Content-Type: application/json' http://
% Total % Received % Xferd Average Speed Time Time Time Current
100 478 100 478 0 0 16296 0 --:--:-- --:--:-- --:--:-- 17071
{
"members": [
{
},
{
}
],
"schema": "/v2/schemas/
}
Problem is that because of the structure of the delete call, you can't delete such an image member:
DELETE http://
Workaround is that this doesn't match any tenant IDs, so it has no effect, it just takes up space.
Changed in glance: | |
milestone: | none → havana-rc1 |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in glance: | |
assignee: | nobody → Fei Long Wang (flwang) |
Changed in glance: | |
status: | Triaged → In Progress |
Changed in glance: | |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | havana-rc1 → 2013.2 |
Fix proposed to branch: master /review. openstack. org/48503
Review: https:/