OpenStack Identity (keystone)

"name" field is not validated properly for endpoint creation

Bug #1579014 reported by Keerthana Mohankumar on 2016-05-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Low	Samuel Pilla	OpenStack Identity (keystone) pike-1 "pike-1"

Bug Description

In open-stack doc, for endpoint creation it is mentioned only "region_id" and "enabled" fields are optional. If we don't mention "region_id" field also,it will show it as "null" in response body.

http://developer.openstack.org/api-ref-identity-v3.html

But in creation of endpoint, "name" field is not validated. The endpoint is created even without "name" field. If this is the expected behavior, it should have mentioned as "optional" in open-stack doc.

Case 1: The "name" field is missing and returns response body without name field.
------
curl -i -k -X POST -H "Content-Type: application/json" -H "X-AUTH-TOKEN:$token" <url>/v3/endpoints -d '
    {
    "endpoint": {
    "interface": "public",
    "region":"regionOne",
    "url": "<url>",
    "service_id": "a64f07375af641bc9dfc925d2dae55d6"
    }
    }'
HTTP/1.1 201 Created

{"endpoint": {"region_id": "regionOne", "links": {"self": "<url>/v3/endpoints/e0b29542cf5a49f19e6c22a39506c088"}, "url": "<url>", "region": "regionOne", "enabled": true, "interface": "public", "service_id": "a64f07375af641bc9dfc925d2dae55d6", "id": "e0b29542cf5a49f19e6c22a39506c088"}}

Case 2: The "name" field is misspelt as "nme" but response body is returned with same.
------
curl -i -k -X POST -H "Content-Type: application/json" -H "X-AUTH-TOKEN:$token" <url>/v3/endpoints -d '
    {
    "endpoint": {
    "interface": "public",
    "nme": "endpointOne",
    "region":"regionOne",
    "url": "<url>",
    "service_id": "a64f07375af641bc9dfc925d2dae55d6"
    }
    }'
HTTP/1.1 201 Created

{"endpoint": {"region_id": "regionOne", "links": {"self": "<url>/v3/endpoints/fe5065ee0cf6450a9a73e8b6e9e09b5e"}, "url": "<url>", "region": "regionOne", "enabled": true, "nme": "endpointOne", "interface": "public", "service_id": "a64f07375af641bc9dfc925d2dae55d6", "id": "fe5065ee0cf6450a9a73e8b6e9e09b5e"}}

Case 3:
------
It is accepting any other extra-fields except the field with name "extra" and not including it in response body.

curl -i -k -X POST -H "Content-Type: application/json" -H "X-AUTH-TOKEN:$token" <url>/v3/endpoints -d '
    {
    "endpoint": {
    "interface": "public",
    "extra": "endpointOne",
    "region":"regionOne",
    "url": "<url>",
    "service_id": "a64f07375af641bc9dfc925d2dae55d6"
    }
    }'
HTTP/1.1 201 Created

{"endpoint": {"region_id": "regionOne", "links": {"self": "<url>/v3/endpoints/cf15299f69774d7d822ad706a5ccda78"}, "url": "<url>", "region": "regionOne", "enabled": true, "interface": "public", "service_id": "a64f07375af641bc9dfc925d2dae55d6", "id": "cf15299f69774d7d822ad706a5ccda78"}}

Deliang Fan (vanderliang) on 2016-05-09

Changed in keystone:
assignee:	nobody → Deliang Fan (vanderliang)

Srushti Gadadare (srushti-gadadare) on 2016-05-12

Changed in keystone:
status:	New → Confirmed

Deliang Fan (vanderliang) on 2016-05-12

Changed in keystone:
status:	Confirmed → In Progress

Revision history for this message

Deliang Fan (vanderliang) wrote on 2016-05-12:

Here is the parameter validation mechanism.

_endpoint_properties = {
    'enabled': parameter_types.boolean,
    'interface': {
        'type': 'string',
        'enum': ['admin', 'internal', 'public']
    },
    'region_id': {
        'type': 'string'
    },
    'region': {
        'type': 'string'
    },
    'service_id': {
        'type': 'string'
    },
    'url': parameter_types.url
}

endpoint_create = {
    'type': 'object',
    'properties': _endpoint_properties,
    'required': ['interface', 'service_id', 'url'],
    'additionalProperties': True
}

Name is not a required option, so we just need to revise the document.

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2016-10-04:

Automatically unassigning due to inactivity.

Changed in keystone:
assignee:	Deliang Fan (vanderliang) → nobody
status:	In Progress → Triaged

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-01-13: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/420085

Changed in keystone:
assignee:	nobody → Samuel Pilla (samuel.pilla)
status:	Triaged → In Progress

Steve Martinelli (stevemar) on 2017-01-13

Changed in keystone:
importance:	Undecided → Low

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2017-02-03:

Posting a quick summary of what I think we can fix here after reviewing the original bug report and the proposed fix.

It sounds like there was two bugs in the original report. The first was that `name` wasn't considered an endpoint attribute, which was fixed already but not tracked in this report [0][1] (thanks, Dave!). The second was that `region_id` was being listed as a required argument, when it probably shouldn't be, which looks like it can be fixed with the proposed solution by Sam [2] (which should close this bug).

[0] https://github.com/openstack/keystone/commit/caa3a91b6804e548a116c02b14c6ac6377ed10db
[1] https://review.openstack.org/#/c/342738/1
[2] https://review.openstack.org/#/c/420085

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-03: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/420085
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=49632aee6d0eb92f3d6a2ce88646772cde14543e
Submitter: Jenkins
Branch: master

commit 49632aee6d0eb92f3d6a2ce88646772cde14543e
Author: Samuel Pilla <email address hidden>
Date: Tue Jan 31 09:21:18 2017 -0600

Update endpoint api for optional region_id

    As per the bug, 'name' and 'nme' are not part of the 'endpoint'
    table and were being assigned to the 'extras' column. This is
    why they are not being validated.

The endpoint docs also show that `region_id` is not optional, even
though it is. This updates the docs to reflect optional `region_id`.

Closes-Bug: #1579014
Change-Id: I085b75c59767eb96b3bdfe3b887e5e2639122a34

Changed in keystone:
status:	In Progress → Fix Released

Steve Martinelli (stevemar) on 2017-02-03

Changed in keystone:
milestone:	none → pike-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-04-12: Fix included in openstack/keystone 12.0.0.0b1

This issue was fixed in the openstack/keystone 12.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.