400 Bad Request not raised for string values of 'enabled'

Bug #1167593 reported by Thomas Kadauke on 2013-04-10
This bug affects 4 people
Affects: OpenStack Identity (keystone)
Importance: Medium
Assigned to: Justin Shepherd

Bug Description

Some time between Folsom and Grizzly, the type of the enabled field in the keystone project table was changed from string (u'true'/u'false') to boolean (1/0), which is a good thing. However, before, the API accepted a POST call to /v2.0/tenants with a JSON payload containing

  "enabled": "true"

Using the same payload now results in an invalid SQL query:

  ERROR invalid literal for int() with base 10: 'true' (original cause: ValueError: invalid literal for int() with base 10: 'true') 'INSERT INTO project (id, name, domain_id, description, enabled, extra) VALUES (%s, %s, %s, %s, %s, %s)' [{'description': None, 'extra': {}, 'enabled': u'true', 'id': 'bf9788701b0e46139f9d5e71ccc58bdf', 'domain_id': 'default', 'name': u'service'}]

The solution is to use

  "enabled": "1"

as the JSON payload. IMHO this is a bug, since:

1) A formerly valid way to use the API does not work anymore, without a change in the API version number.
2) The string 'true' is passed to the SQL statement without any validation. In fact, any string I put in the JSON is given straight to the database. I haven't tried to do SQL injection though, since I don't want to destroy my DB.
3) The error message should really be improved. IMHO, there should be no 500 internal server errors originating from invalid SQL caused by an invalid use of the API at all.

Btw, the same happens for user creation on POST /v2.0/users.

Changed in keystone:
status: New → Confirmed
tags: added: grizzly-backport-potential
Dolph Mathews (dolph) wrote:

The correct solution is to use {"enabled": true} (an actual JSON boolean). I'd argue that "true" was never valid, and neither is "1" -- both values should raise a 400 Bad Request back to the API.
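
An added example, not keystone's own code and not part of the comment above: a type check that runs before any database access and maps every non-boolean `enabled` value to 400. The `ValidationError` class, the function names and the `{"tenant": {...}}` request wrapper are assumptions made for illustration.

```python
import json


class ValidationError(Exception):
    """Hypothetical error type; the API layer maps it to HTTP 400."""
    status = 400


def require_bool(ref, attr="enabled"):
    """Reject any value for attr that is not a JSON boolean.

    A missing attribute is allowed so a backend default can apply (assumption).
    isinstance(1, bool) is False, so the JSON number 1 is rejected as well.
    """
    if attr in ref and not isinstance(ref[attr], bool):
        raise ValidationError("%r must be a JSON boolean, got %s"
                              % (attr, type(ref[attr]).__name__))
    return ref


def handle_create_tenant(body):
    """Parse a request body and return (status, payload); no SQL is reached on error."""
    try:
        tenant = json.loads(body)["tenant"]
        if not isinstance(tenant, dict):
            raise ValidationError("'tenant' must be a JSON object")
        require_bool(tenant)
    except ValidationError as exc:
        return exc.status, {"error": str(exc)}
    except (ValueError, KeyError, TypeError):
        return 400, {"error": "malformed request body"}
    return 200, {"tenant": tenant}  # a real handler would persist the tenant here


# Constructed sample requests covering the values discussed in this report.
SAMPLES = [
    '{"tenant": {"name": "service", "enabled": true}}',    # JSON boolean
    '{"tenant": {"name": "service", "enabled": "true"}}',  # string
    '{"tenant": {"name": "service", "enabled": "1"}}',     # string
    '{"tenant": {"name": "service", "enabled": 1}}',       # number
    '{"tenant": {"name": "service"}}',                     # attribute omitted
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(handle_create_tenant(raw)[0], raw)
```
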

Changed in keystone:
importance: Undecided → Medium
summary: - Incompatible API change for tenant/user creation
+ 400 Bad Request not raised for string values of 'enabled'

Fix proposed to branch: master
Review: https://review.openstack.org/32758

Changed in keystone:
assignee: nobody → Justin Shepherd (jshepher)
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/32758
Committed: http://github.com/openstack/keystone/commit/716f4027ee57c146f3b472f1edae0c11503240c3
Submitter: Jenkins
Branch: master

commit 716f4027ee57c146f3b472f1edae0c11503240c3
Author: galstrom21 <email address hidden>
Date: Wed Jun 12 12:39:48 2013 -0500

    Add checks to test if enabled is bool

      fixes: bug #1167593

    Change-Id: Ie18fa17f16383f31d8aa083e69fa501d80eb4553

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-07-17
Changed in keystone:
milestone: none → havana-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-2 → 2013.2
Alan Pevec (apevec) on 2014-03-30
tags: removed: grizzly-backport-potential