OpenStack Identity (keystone)

kvs and sql assignment backend create_grant checks user/group existence

Bug #1239476 reported by Brant Knudson on 2013-10-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	Brant Knudson	OpenStack Identity (keystone) 2014.1 "icehouse"

Bug Description

The kvs assignment backend checks that the user and group exists, whereas the SQL backend does not. The contract for both should be the same, so pick one behavior or the other. Seems like we should be checking here, since creating something.

kvs: https://github.com/openstack/keystone/blob/master/keystone/assignment/backends/kvs.py#L347

sql: https://github.com/openstack/keystone/blob/master/keystone/assignment/backends/sql.py#L97

See original description

Dolph Mathews (dolph) on 2013-10-14

description:	updated
Changed in keystone:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-30: Related fix proposed to keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/54623

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-30: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/54626

Changed in keystone:
assignee:	nobody → Brant Knudson (blk-u)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-10-31: Related fix proposed to keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/54758

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-11-03: Related fix merged to keystone (master)

Reviewed: https://review.openstack.org/54758
Committed: http://github.com/openstack/keystone/commit/edcfe99c66d5e7234c008526b1a0ff411f01f546
Submitter: Jenkins
Branch: master

commit edcfe99c66d5e7234c008526b1a0ff411f01f546
Author: Brant Knudson <email address hidden>
Date: Thu Oct 31 09:53:44 2013 -0500

Clean up duplicate exceptions in docs for assignment.Driver

keystone.exception.ProjectNotFound was duplicated in the
docstrings for some of the methods in assignment.Driver.

Related-Bug: #1239476
Change-Id: I2e20eff1f307fdba2dd75097302b11c1e98949e3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-03:

Reviewed: https://review.openstack.org/54623
Committed: http://github.com/openstack/keystone/commit/065bd571fe6a3b0baf12631140648a059f48bea2
Submitter: Jenkins
Branch: master

commit 065bd571fe6a3b0baf12631140648a059f48bea2
Author: Brant Knudson <email address hidden>
Date: Wed Oct 30 15:10:48 2013 -0500

Enhance tests for assignment create_grant when no user or group

    There were no tests that show the behavior of create_grant when
    the user or group doesn't exist. Turns out the behavior is
    different depending on the backend (sql vs kvs vs ldap).

Change-Id: I71c3e2b94aaa44e40c8a891b49cc2a9961cee16f
Related-Bug: #1239476

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-12-03: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/54626
Committed: http://github.com/openstack/keystone/commit/da8a0ebde12e990ea3c2a493f7b12c765514f861
Submitter: Jenkins
Branch: master

commit da8a0ebde12e990ea3c2a493f7b12c765514f861
Author: Brant Knudson <email address hidden>
Date: Wed Oct 30 16:59:20 2013 -0500

Fix KVS create_grant to not raise NotFound if no user/group

    The KVS assigment backend would fail with NotFound if the user
    or group didn't exist when calling create_grant while the SQL
    assignment backend did not fail.

    It's unreasonable to check if the user or group exists when
    creating a grant, so the KVS assignment backend is changed to
    not require the user or group to exist.

Closes-Bug: #1239476
Change-Id: I2d3b2fd82e7d4d33ac7158968d72cbfbe37528dc

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-12-04

Changed in keystone:
milestone:	none → icehouse-1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-04-17

Changed in keystone:
milestone:	icehouse-1 → 2014.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.