zaqar

Keystone v3 header shouldn't be distinguished by case

Bug #1553398 reported by Fernando Ribeiro
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
zaqar
New
Undecided
Unassigned

Bug Description

The 'X-Project-Id' (lower case 'd') header of Keystone v3 [1] is distinguished by case in several places in Zaqar, including the WebSocket endpoint, which generate errors if the 'X-Project-ID' (upper case 'D') header is sent instead.

You may refer to section 3.2 of RFC 7230 [1] for details.

[1] https://tools.ietf.org/html/rfc7230

See original description
Fernando Ribeiro (fribeiro)
summary: - Misspelled Keystone header
+ Misspelled Keystone v3 header
description: updated
Tin Lam (lamt)
Changed in zaqar:
assignee: nobody → Tin Lam (tl3438)
Tin Lam (lamt)
Changed in zaqar:
status: New → In Progress
Revision history for this message
Tin Lam (lamt) wrote : Re: Misspelled Keystone v3 header

Per review comment - https://review.openstack.org/#/c/288809/ - not sure if the fix is needed, since header is in fact case insensitive. Might be just code churn to lower case the D.

Fernando Ribeiro (fribeiro)
summary: - Misspelled Keystone v3 header
+ Keystone v3 Header Shouldn't be Distinguished by Case
Revision history for this message
Fernando Ribeiro (fribeiro) wrote :

Updated the ticket title and description to address the real issue.

description: updated
Fernando Ribeiro (fribeiro)
summary: - Keystone v3 Header Shouldn't be Distinguished by Case
+ Keystone v3 header shouldn't be distinguished by case
Fernando Ribeiro (fribeiro)
Changed in zaqar:
status: In Progress → New
assignee: Tin Lam (tl3438) → nobody
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on zaqar (master)

Change abandoned by Tin Lam (<email address hidden>) on branch: master
Review: https://review.openstack.org/288809
Reason: Abandon this. If time permit, I will submit another fix for this. Instead of changing header field spelling, we need to handle the dictionary case insensitively.

Revision history for this message
Eva Balycheva (ubershy) wrote :

Good catch. Yes, all our headers in websocket API should be case insensitive. But they're not. I can try to fix it too in the near future.

This is a part of a log, when I pass project id header with different case:

2016-03-26 01:19:39.246 13043 DEBUG zaqar.common.api.api [-] Schema validation failed. 'X-Project-ID' is a required property

Failed validating 'required' in schema['properties']['headers']:
    {'properties': {'Accept': {'type': 'string'},
                    'Client-ID': {'type': 'string'},
                    'Date': {'type': 'string'},
                    'User-Agent': {'type': 'string'},
                    'X-Auth-Token': {'type': 'string'},
                    'X-Project-ID': {'type': 'string'}},
     'required': ['Client-ID', 'X-Project-ID'],
     'type': 'object'}

On instance['headers']:
    {u'Client-ID': u'355186cd-d1e8-4108-a3ac-a2183617232a',
     u'X-Auth-Token': u'eb7dfa1c902f4ba49d26bbc4f243961b',
     u'X-Project-Id': u'7530fad032ca431e9dc8ed4a5de5d99c'}. validate /opt/stack/zaqar/zaqar/common/api/api.py:78

Fernando Ribeiro (fribeiro)
description: updated
Revision history for this message
Eva Balycheva (ubershy) wrote :

As I said before, I can't reproduce this bug on WSGI. No matter in which case I write 'X-Project-Id' header in my request, my request is processed normally by Zaqar.

Revision history for this message
Fernando Ribeiro (fribeiro) wrote :

Allright, will double check and get back to you soon.

Revision history for this message
Fernando Ribeiro (fribeiro) wrote :

The issue really doesn't affect the WSGI transport, will update the description accordingly.

description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.