Barbican

Are Consumer URL and/or Consumer Name optional?

Bug #1536748 reported by Priti Desai on 2016-01-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Barbican	Fix Released	High	Dave McCowan	Barbican pike-1 "p1"

Bug Description

A request for creating a consumer without any URL is accepted and a consumer is created:

curl -X POST http://10.0.2.15:9311/v1/containers/f10f7e4a-26f6-474a-89eb-a5aea32272a0/consumers -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{"name": "ConsumerWithLowerCaseURL", "URL": ""}'

{
"status":"ACTIVE",
"updated":"2016-01-21T18:06:28.983955",
"name":"testcontainer",
"consumers":[
{
"URL":"",
"name":"ConsumerWithLowerCaseURL"
}
],
"created":"2015-11-19T19:32:44",
"container_ref":"http://10.0.2.15:9311/v1/containers/f10f7e4a-26f6-474a-89eb-a5aea32272a0",
"creator_id":"54521dfc18cf445cb50d62a0c5d4f634",
"secret_refs":[
],
"type":"generic"
}

A request for creating consumer without any Name and URL is also accepted and a consumer is created:

curl -X POST http://10.0.2.15:9311/v1/containers/f10f7e4a-26f6-474a-89eb-a5aea32272a0/consumers -H "X-Auth-Token: $TOKEN" -H "Content-Type: application/json" -d '{"name": "", "URL": ""}'

{
"status":"ACTIVE",
"updated":"2016-01-21T18:08:31.820230",
"name":"testcontainer",
"consumers":[
{
"URL":"",
"name":"ConsumerWithLowerCaseURL"
},
{
"URL":"",
"name":""
}
],
"created":"2015-11-19T19:32:44",
"container_ref":"http://10.0.2.15:9311/v1/containers/f10f7e4a-26f6-474a-89eb-a5aea32272a0",
"creator_id":"54521dfc18cf445cb50d62a0c5d4f634",
"secret_refs":[
],
"type":"generic"
}

Is this a valid behavior or should report error when URL or Name is not provided?

Douglas Mendizábal (dougmendizabal) on 2017-02-23

Changed in barbican:
importance:	Undecided → High
milestone:	none → pike-1

Revision history for this message

Dave McCowan (dave-mccowan) wrote on 2017-03-21:

Both URL and name are coded as required parameters, but no checking is done for an empty string. So "" is treated as a valid name or URL.

Douglas Mendizábal (dougmendizabal) on 2017-03-21

Changed in barbican:
status:	New → Confirmed

Dave McCowan (dave-mccowan) on 2017-03-22

Changed in barbican:
assignee:	nobody → Dave McCowan (dave-mccowan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-22: Fix proposed to barbican (master)

Fix proposed to branch: master
Review: https://review.openstack.org/448318

Changed in barbican:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-27: Fix merged to barbican (master)

Reviewed: https://review.openstack.org/448318
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=27cc58a5465c5e8b38a73a43eb2bc6ec67ca9593
Submitter: Jenkins
Branch: master

commit 27cc58a5465c5e8b38a73a43eb2bc6ec67ca9593
Author: Dave McCowan <email address hidden>
Date: Tue Mar 21 20:44:22 2017 -0400

Add missing validation to consumer controller

    Name and URL are required data elements when creating a consumer.
    Validation was done to ensure these fields were passed, but no
    check was done to make sure these fields were not empty.

This patches adds a minLength validation and add corresponding
unit and functional test cases.

Change-Id: Ib33ab9b311c03ff7ba7f766e857496eb5b1602d4
Closes-bug: #1536748

Changed in barbican:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-11: Fix included in openstack/barbican 5.0.0.0b1

This issue was fixed in the openstack/barbican 5.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.