OpenStack Object Storage (swift)

swift middleware roles operation should be case insensitive

Bug #1013120 reported by Chmouel Boudjnah
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Object Storage (swift)
Fix Released
Undecided
Kun Huang
OpenStack Object Storage (swift) 1.8.0 "grizzly"

Bug Description

Following a thread on the mailing list :

https://lists.launchpad.net/openstack/msg13074.html

we are doing case insensitive roles comparaison in OpenStack and the swift middleware should do the same.

Tags: swift-auth
Chmouel Boudjnah (chmouel)
Changed in keystone:
assignee: nobody → Chmouel Boudjnah (chmouel)
status: New → Confirmed
Revision history for this message
Alan Pevec (apevec) wrote :

swift middleware moved to Swift:
 https://github.com/openstack/swift/commit/afa4f70024be30cb1a0b84b9744f044f2532904f

keystone/middleware/swift_auth.py should probably be removed in Grizzly,
it has been neglected since that move

affects: keystone → swift
Revision history for this message
Kun Huang (academicgareth) wrote :

nice talk in https://lists.launchpad.net/openstack/msg13074.html
I think I agree insensitive case in middleware.
Their points are 'Admin' and 'admin' is different string but same meaning for role. Using insensitive case could tolerate human error. For example, user maybe set like this "operator_roles = Admin, swiftoperator"

BTW, I didn't found keystone lower its role string before send its data.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to swift (master)

Fix proposed to branch: master
Review: https://review.openstack.org/24142

Changed in swift:
assignee: Chmouel Boudjnah (chmouel) → Kun Huang (academicgareth)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (master)

Reviewed: https://review.openstack.org/24142
Committed: http://github.com/openstack/swift/commit/7dd966192a43f9937c3e9ac576708447634cdc00
Submitter: Jenkins
Branch: master

commit 7dd966192a43f9937c3e9ac576708447634cdc00
Author: Kun Huang <email address hidden>
Date: Mon Mar 18 13:15:09 2013 +0800

    Use role in insensitive case in keystoneauth.

    Using insensitive case could tolerate human error. For example,
    user maybe set like this "operator_roles = Admin, swiftoperator"

    - also fix a mistake in test, ['admin'] is correct value for roles, not
      'admin' (it will be looped as ['a', 'd', 'm', 'i', 'n'])
    - add test for insensitive cases

    Fixes: bug #1013120
    Change-Id: I56d71da8bc503e48e92dd743692ba6fc237f029e

Changed in swift:
status: In Progress → Fix Committed
John Dickinson (notmyname)
Changed in swift:
milestone: none → 1.8.0-rc2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to swift (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/25493

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (milestone-proposed)

Reviewed: https://review.openstack.org/25493
Committed: http://github.com/openstack/swift/commit/80ea2d7f6c264a4fdbd90cc83e54e8e901cd9508
Submitter: Jenkins
Branch: milestone-proposed

commit 80ea2d7f6c264a4fdbd90cc83e54e8e901cd9508
Author: Kun Huang <email address hidden>
Date: Mon Mar 18 13:15:09 2013 +0800

    Use role in insensitive case in keystoneauth.

    Using insensitive case could tolerate human error. For example,
    user maybe set like this "operator_roles = Admin, swiftoperator"

    - also fix a mistake in test, ['admin'] is correct value for roles, not
      'admin' (it will be looped as ['a', 'd', 'm', 'i', 'n'])
    - add test for insensitive cases

    Fixes: bug #1013120
    Change-Id: I56d71da8bc503e48e92dd743692ba6fc237f029e
    (cherry picked from commit 7dd966192a43f9937c3e9ac576708447634cdc00)

Changed in swift:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in swift:
milestone: 1.8.0-rc2 → 1.8.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.