keystone raise 500 error when create trust with invalid role key

Bug #1734244 reported by wangxiyuan on 2017-11-24
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Undecided
wangxiyuan

Bug Description

When a user try to create a trust, if the "roles" in the request body contains some invalid keys(except "id" and "name"), Keystone will raise 500 error.

an example:

curl -g -i -X POST http://10.3.150.25/identity/v3/OS-TRUST/trusts -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: gAAAAABaF5Odiawpf1t9BAAhyS3_FBZCKDPycpOnSndiC0TEmqemZvnINxcTPHLGR0J3mnjf60TdqIpct7SgO5movr5uWY-hmTT4R2Sr_5rYOPC_-w0y6XWbNn265U5IKVz0qMRr-1VagtuA3iPmyZkjCbFweZsP8yFkwWSxkY4_I0U6JTPzllM" -d '{"trust": {"impersonation": false, "project_id": "d88a1e3ce2504a10a5340225b85a844c", "trustor_user_id": "f98b4cc01a554453a84fa4b9ccf5a1f0", "roles": [{"fake_key": "123"}], "trustee_user_id": "c8b34ea0d6d6406aae5993061de92e77"}}'

wangxiyuan (wangxiyuan) on 2017-11-24
Changed in keystone:
assignee: nobody → wangxiyuan (wangxiyuan)

Fix proposed to branch: master
Review: https://review.openstack.org/522705

Changed in keystone:
status: New → In Progress

Fix proposed to branch: master
Review: https://review.openstack.org/522706

Changed in keystone:
assignee: wangxiyuan (wangxiyuan) → Colleen Murphy (krinkle)
Colleen Murphy (krinkle) on 2017-11-27
Changed in keystone:
assignee: Colleen Murphy (krinkle) → wangxiyuan (wangxiyuan)
Changed in keystone:
assignee: wangxiyuan (wangxiyuan) → Lance Bragstad (lbragstad)

Reviewed: https://review.openstack.org/522705
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=62f9e57cd81dc98c5816da9fa483d385b4c1a66c
Submitter: Zuul
Branch: master

commit 62f9e57cd81dc98c5816da9fa483d385b4c1a66c
Author: wangxiyuan <email address hidden>
Date: Fri Nov 24 12:31:19 2017 +0800

    Expose a bug when create trust with roles

    The test here should pass with 400 Bad Request because
    that there is no valid roles in the request body.
    But Keystone raise 500 error because that it doesn't
    check the roles key.

    Partial-Bug: #1734244
    Change-Id: Ic007c8f83717aa69ecb831d460a3829d3f8f1a6d

Reviewed: https://review.openstack.org/522706
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=f8e79ab50775bcf5964c7547297577d0a3b82519
Submitter: Zuul
Branch: master

commit f8e79ab50775bcf5964c7547297577d0a3b82519
Author: wangxiyuan <email address hidden>
Date: Fri Nov 24 12:40:20 2017 +0800

    Fix 500 error when create trust with invalid role key

    When create trust with invalid role key(neither 'id' nor
    'name'), Keystone should raise 400 BadRequest, instead of
    500 Internal Error.

    This patch removed the redundant loops in
    _normalize_role_list as well.

    Change-Id: I62bd201c1dda7b573e2ee8b97322c1f25275892c
    Closes-bug: #1734244

Changed in keystone:
status: In Progress → Fix Released
Changed in keystone:
assignee: Lance Bragstad (lbragstad) → wangxiyuan (wangxiyuan)
milestone: none → queens-2

This issue was fixed in the openstack/keystone 13.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers