OpenStack Identity (keystone)

V2.0 parameter formatting for projects and groups should be removed from drivers

Bug #1391682 reported by Henry Nash
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Ron De Rose

Bug Description

Currently the assignment sql & ldap drivers to name cleansing on the project name - this should really be done in the manager to avoid this duplication.

For example, the assignment/backend/sql.py module cleans parameters in the sql driver [1] for create_project(). The assignment/backend/ldap.py does the same validation on create_project() too [2]. This happens across different part of the V2.0 backends.

[1] https://github.com/openstack/keystone/blob/b05a540e52fde324791eb07ad36e6d59c608a9c9/keystone/assignment/backends/sql.py#L442
[2] https://github.com/openstack/keystone/blob/b05a540e52fde324791eb07ad36e6d59c608a9c9/keystone/assignment/backends/ldap.py#L72

Also, clean is in the ldap driver for formatting the group name, but it is not in the sql driver. Thus, the sql driver incorrectly allows for trailing whitespace, but ldap doesn't.

See original description
Tags: validation
Revision history for this message
Henry Nash (henry-nash) wrote :

This happens in project_create and project_update.

Changed in keystone:
importance: Undecided → Low
Revision history for this message
Lance Bragstad (lbragstad) wrote :

Hey Henry,

I have a patch up that does a little bit of this work for the v2.0 API.

https://review.openstack.org/#/c/132095/

I discovered it after https://bugs.launchpad.net/keystone/+bug/1387607 was opened and realized that we didn't need keystone/clean.py for sanitizing parameters for V3. The keystone/clean.py module is still used for cleaning parameters in the V2.0 api though, and like this bug describes, the calls to keystone/clean.py happen sporadically between the drivers and managers.

I was thinking that we could fix this one of two ways. The first step would be to consolidate all the 'validation' like calls for V2.0 in the controllers, like they are with the keystone/common/validation/ module for V3. Once that is done, we could propose a patch to use keystone/common/validation to validate the V2.0 API. I'm not sure how useful it would be to validate the whole V2.0 with the validation module thought since it is deprecated.

Either way, I'd be happy to help coordinate a fix with what is already proposed!

summary: - Parameter validation for projects crud should not happen in drivers
+ V2.0 Parameter validation for projects crud should not happen in drivers
description: updated
Lance Bragstad (lbragstad)
description: updated
Lance Bragstad (lbragstad)
Changed in keystone:
status: New → Confirmed
Steve Martinelli (stevemar)
tags: added: validation
Ron De Rose (ronald-de-rose)
Changed in keystone:
assignee: nobody → Ron De Rose (ronald-de-rose)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/294305

Changed in keystone:
status: Confirmed → In Progress
Ron De Rose (ronald-de-rose)
description: updated
summary: - V2.0 Parameter validation for projects crud should not happen in drivers
+ V2.0 parameter formatting for projects and groups should be removed from
+ drivers
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/294305
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=608832024230f8bca6ee95da28ae074fb68f4a44
Submitter: Jenkins
Branch: master

commit 608832024230f8bca6ee95da28ae074fb68f4a44
Author: Ronald De Rose <email address hidden>
Date: Thu Mar 17 22:03:44 2016 +0000

    Moved name formatting (clean) out of the driver

    Moved project name and group name formatting (clean) out of the driver
    and into the manager, which is aligned with how formatting is done for
    other attributes.

    Closes-Bug: 1391682

    Change-Id: Ifb35472e6609a153320a19b6ec672d24548f629b

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/keystone 10.0.0.0b1

This issue was fixed in the openstack/keystone 10.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.