OpenStack Identity (keystone)

Creating a region without request parameters failed.

Bug #1501740 reported by Kouichi Katano
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Dave Chen
OpenStack Identity (keystone) mitaka-3 "m3"

Bug Description

Use Identity API v3 (CURRENT)

URL: http://developer.openstack.org/api-ref-identity-v3.html#createRegion

Issu: Creating a region failed when optional parameters are not specified.

"POST /v3/regions" has 3 parameters, which are "region", "description" and "parent_region_id".
"description" and "parent_region_id" are optional.
Although this API with only "region" parameter should succeed, it fails.

I confirmed this issue by the following command:

curl -s -X POST -H "X-Auth-Token: $TOKEN" -H "Content-type: application/json" http://localhost:5000/v3/regions -d '{ "region": {} }' | python -m json.tool
{
    "error": {
        "code": 400,
        "message": "Expecting to find region in request body - the server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.",
        "title": "Bad Request"
    }
}

Revision history for this message
Steve Martinelli (stevemar) wrote :

this looks like a bad request, it says it can't even find the region key in the payload

Revision history for this message
Steve Martinelli (stevemar) wrote :

I tried this, looks like it's semi-valid, I managed to get it working by just supplying `enabled`:

curl -g -i -X POST http://172.16.240.138:35357/v3/regions -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: fc9c7dc3cdf14c9d87764a82846d2d6b" -d '{"region": {"enabled": true}}'

Revision history for this message
Steve Martinelli (stevemar) wrote :

marking this as mitaka, i don't think it's critical enough for liberty, since most clients that create regions will end up supplying defaults or using a user-defined ID

Changed in keystone:
status: New → Confirmed
importance: Undecided → Medium
milestone: none → mitaka-1
Dolph Mathews (dolph)
tags: added: kilo-backport-potential liberty-backport-potential
Revision history for this message
Dave Chen (wei-d-chen) wrote :

Seems like no field is required for creating region, we could do some relax in the our validation [1], but if we do that, there will some complaint that error message is not help for some API where empty request body is not allowed, some trade-off should be considered in this case.

copy the following info from https://bugs.launchpad.net/keystone/+bug/1466872.

"
When no request body is provided at all, the above error message happens.

When this body is provided:

{
   "service": {}
}

you get this back:

{
    "error": {
        "message": "{} does not have enough properties",
        "code": 400,
        "title": "Bad Request"
    }
}
"

[1] https://github.com/openstack/keystone/blob/master/keystone/common/validation/__init__.py#L52

Dave Chen (wei-d-chen)
Changed in keystone:
assignee: nobody → Dave Chen (wei-d-chen)
Revision history for this message
David Stanek (dstanek) wrote :

Can we change validated() is accept a new optional parameter, maybe 'allow_empty', that defaults to the current behavior? I don't think we should change this in a way that is not backward compatible.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/237448

Changed in keystone:
status: Confirmed → In Progress
Steve Martinelli (stevemar)
Changed in keystone:
milestone: mitaka-1 → mitaka-2
Revision history for this message
Steve Martinelli (stevemar) wrote :

not gating, moving to mitaka-3, there's still some discussion as to how to fix this, good midcycle topic

Changed in keystone:
milestone: mitaka-2 → mitaka-3
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Dave Chen (wei-d-chen) → Steve Martinelli (stevemar)
Steve Martinelli (stevemar)
Changed in keystone:
assignee: Steve Martinelli (stevemar) → Dave Chen (wei-d-chen)
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Dave Chen (wei-d-chen) → Steve Martinelli (stevemar)
Steve Martinelli (stevemar)
Changed in keystone:
assignee: Steve Martinelli (stevemar) → Dave Chen (wei-d-chen)
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Dave Chen (wei-d-chen) → Brant Knudson (blk-u)
Steve Martinelli (stevemar)
Changed in keystone:
assignee: Brant Knudson (blk-u) → Dave Chen (wei-d-chen)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/237448
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ba7973b86992b4f8c9ee69c1d94ca4d9569eab4c
Submitter: Jenkins
Branch: master

commit ba7973b86992b4f8c9ee69c1d94ca4d9569eab4c
Author: Dave Chen <email address hidden>
Date: Tue Oct 20 15:44:32 2015 +0800

    Fix schema validation to use JSONSchema for empty entity

    APIs such as region creation allow an empty entity (a random UUID will
    be generated as the region in this case).

    Keystone uses JSONShema for validation and will allow an empty entity
    to be passed if the schema doesn't have `required` properties (as the
    region creation schema allows).

    The patch fixes the schema validation code to pass even an empty entity
    to JSONSchema validation so that an API such as region create can pass
    the validation and can be created successfully.

    Change-Id: If3dd49af5e16bb3b741efa4573f9f8e9085ddd14
    Closes-Bug: #1501740

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
Brant Knudson (blk-u) wrote :

Removed the kilo backport tag since this doesn't meet the criteria - http://docs.openstack.org/project-team-guide/stable-branches.html :

Phase II (6-12 months): Only critical bugfixes and security patches are acceptable

tags: removed: kilo-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/274141

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/liberty)

Reviewed: https://review.openstack.org/274141
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=01b89c6195fa90b8d91406851ee52979fe038b37
Submitter: Jenkins
Branch: stable/liberty

commit 01b89c6195fa90b8d91406851ee52979fe038b37
Author: Dave Chen <email address hidden>
Date: Tue Oct 20 15:44:32 2015 +0800

    Fix schema validation to use JSONSchema for empty entity

    APIs such as region creation allow an empty entity (a random UUID will
    be generated as the region in this case).

    Keystone uses JSONShema for validation and will allow an empty entity
    to be passed if the schema doesn't have `required` properties (as the
    region creation schema allows).

    The patch fixes the schema validation code to pass even an empty entity
    to JSONSchema validation so that an API such as region create can pass
    the validation and can be created successfully.

    Change-Id: If3dd49af5e16bb3b741efa4573f9f8e9085ddd14
    Closes-Bug: #1501740
    (cherry picked from commit ba7973b86992b4f8c9ee69c1d94ca4d9569eab4c)

tags: added: in-stable-liberty
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/keystone 9.0.0.0b3

This issue was fixed in the openstack/keystone 9.0.0.0b3 development milestone.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/keystone 8.1.0

This issue was fixed in the openstack/keystone 8.1.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.