OpenStack Identity (keystone)

Disable user lists without a filter

Bug #1211586 reported by Adam Young
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Won't Fix
Wishlist
Raildo Mascena de Sousa Filho

Bug Description

Depends on a solution to https://bugs.launchpad.net/keystone/+bug/1211582

Once Keystone can filter search results, it needs a config option the disables return results with no query, and instead returns an appropriate HTTP response code.

Probably: 412 Precondition Failed
a message body would also state: "reason": "filter_required"

Revision history for this message
Dolph Mathews (dolph) wrote :

That would probably be an abuse of 412... a 400 would be sufficient, though. Either way, the error condition should be defined in identity-api

Morgan Fainberg (mdrnstm)
Changed in keystone:
status: New → Confirmed
Revision history for this message
Steve Martinelli (stevemar) wrote :

Wouldn't this be a massive change in behaviour?!

Ryosuke Mizuno (r-mizuno)
Changed in keystone:
assignee: nobody → Ryosuke Mizuno (r-mizuno)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/314829

Changed in keystone:
status: Confirmed → In Progress
Revision history for this message
Samuel de Medeiros Queiroz (samueldmq) wrote :

Can't this be restricted in the policy ? Seems better than adding lots of options to the server

Revision history for this message
Lance Bragstad (lbragstad) wrote :

Automatically unassigning due to inactivity. We have a patch in review but it looks like it needs some attention. I'll leave the bug "In Progress" but unassigning in the event someone else has the bandwidth to pick up the patch.

Changed in keystone:
assignee: Ryosuke Mizuno (r-mizuno) → nobody
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/392306

Changed in keystone:
assignee: nobody → Adam Young (ayoung)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by ayoung (<email address hidden>) on branch: master
Review: https://review.openstack.org/392306
Reason: Will use https://review.openstack.org/#/c/314829/ instead

OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Adam Young (ayoung) → Raildo Mascena de Sousa Filho (raildo)
assignee: Raildo Mascena de Sousa Filho (raildo) → Adam Young (ayoung)
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Adam Young (ayoung) → Raildo Mascena de Sousa Filho (raildo)
Steve Martinelli (stevemar)
Changed in keystone:
milestone: none → ocata-1
Revision history for this message
Steve Martinelli (stevemar) wrote :

I'm not convinced this is a good approach. I'd prefer to work with the horizon team to make sure the list users page posts a filter/search panel instead of trying to list everything.

Changed in keystone:
milestone: ocata-1 → none
Revision history for this message
Steve Martinelli (stevemar) wrote :

So, i believe the origin of this bug was a way to make horizon fall on the floor when a user navigates to the user panel, when keystone is backed by ldap. This has been addressed by the horizon team here: https://review.openstack.org/#/c/419133/

Changing behaviour based on a configuration option seems like a hack. Listing all users is fine, unless using LDAP, in which case, use filters. Let's make clients smarter and call the right APIs.

Changed in keystone:
status: In Progress → Won't Fix
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Lance Bragstad (<email address hidden>) on branch: master
Review: https://review.openstack.org/314829
Reason: This has gone a while without an update and based on the reasoning in the bug it doesn't sound like this is needed anymore.

https://bugs.launchpad.net/keystone/+bug/1211586

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.