Designate

Designate DNS – it’s possible to create Tsigkey using empty secret key.

Bug #1933760 reported by Arkady Shtempler
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Designate
New
Medium
Unassigned

Bug Description

Scenario:
Try to create Tsigkey using empty string

Actual Result:
Tsigkey is successfully created
2021-06-27 15:59:29.035 292921 INFO tempest.lib.common.rest_client [req-7e103208-0473-40ea-a040-0d6cf5bb7a61 ] Request (TsigkeyAdminTest:test_create_tsigkey_for_zone_empty_secret): 201 POST http://10.35.64.8/dns/v2/tsigkeys 0.090s
2021-06-27 15:59:29.036 292921 DEBUG tempest.lib.common.rest_client [req-7e103208-0473-40ea-a040-0d6cf5bb7a61 ] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: {"name": "Example_Key-1226165891.com.", "algorithm": "hmac-sha256", "secret": "", "scope": "ZONE", "resource_id": "78ad8add-35ee-4bfe-9835-50dccf0fc807"}
    Response - Headers: {'date': 'Sun, 27 Jun 2021 12:59:28 GMT', 'server': 'Apache/2.4.41 (Ubuntu)', 'location': 'http://10.35.64.8/dns/v2/tsigkeys/f989a5c9-efe7-4cfd-b15e-38d91543e3ea', 'content-length': '356', 'x-openstack-request-id': 'req-7e103208-0473-40ea-a040-0d6cf5bb7a61', 'connection': 'close', 'content-type': 'application/json', 'status': '201', 'content-location': 'http://10.35.64.8/dns/v2/tsigkeys'}
        Body: b'{"id": "f989a5c9-efe7-4cfd-b15e-38d91543e3ea", "name": "Example_Key-1226165891.com.", "algorithm": "hmac-sha256", "secret": "", "scope": "ZONE", "resource_id": "78ad8add-35ee-4bfe-9835-50dccf0fc807", "created_at": "2021-06-27T12:59:29.000000", "updated_at": null, "links": {"self": "http://10.35.64.8/dns/v2/tsigkeys/f989a5c9-efe7-4cfd-b15e-38d91543e3ea"}}' _log_request_full /opt/stack/tempest/tempest/lib/common/rest_client.py:450
2021-06-27 15:59:29.100 292921 INFO tempest.lib.common.rest_client [req-47cf30b1-68ca-454b-b9e8-1c0f3cfade34 ] Request (TsigkeyAdminTest:_run_cleanups): 202 DELETE http://10.35.64.8/dns/v2/zones/78ad8add-35ee-4bfe-9835-50dccf0fc807 0.062s
2021-06-27 15:59:29.100 292921 DEBUG tempest.lib.common.rest_client [req-47cf30b1-68ca-454b-b9e8-1c0f3cfade34 ] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}

Expected:
Tsigkey should fail to be created

Michael Johnson (johnsom)
Changed in designate:
importance: Undecided → Medium
Arkady Shtempler (ashtempl)
summary: - Designate DNS – it’s possiblr to create Tsigkey using empty secret key.
+ Designate DNS – it’s possible to create Tsigkey using empty secret key.
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.