OpenStack Identity (keystone)

Identity API v3: POST method for "Create Limits" is abnormal for a domain-id

Bug #1785164 reported by Bi wei on 2018-08-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Undecided	wangxiyuan	OpenStack Identity (keystone) rocky-rc1

Bug Description

/v3/limits POST method for "Create Limits"

When setting a domain-id for "project_id" in request body, it still successfully creates a limit for the domain.
It is strange since we use a "project_id" to create limits for domain.

My test request was:
{
    "limits":[
        {
            "service_id": "10656fdd41e1429f8cb57f097935f327",
            "project_id": "default",
            "region_id": "RegionOne",
            "resource_name": "snapshot",
            "resource_limit": 5
        },
        {
            "service_id": "10656fdd41e1429f8cb57f097935f327",
            "project_id": "default",
            "resource_name": "volume",
            "resource_limit": 10,
            "description": "Number of volumes for project"
        }
    ]
}
and it successfully returned 201 - Created.

See original description

Bi wei (biwei) on 2018-08-03

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-08-03: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/588460

Changed in keystone:
assignee:	nobody → wangxiyuan (wangxiyuan)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-08-06: Related fix proposed to keystone (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/589241

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-08-06: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/588460
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bf3a8c09a095c2b037f114ba4770b59d6351c73b
Submitter: Zuul
Branch: master

commit bf3a8c09a095c2b037f114ba4770b59d6351c73b
Author: wangxiyuan <email address hidden>
Date: Fri Aug 3 15:33:44 2018 +0800

Do not allow create limits for domain

    Keystone now doesn't support domain-level limits. When creating
    limits, if the input project_id is a domain id, it should not be
    allowed.

Change-Id: Ifafd96113499d533341870960f294dd5fada477d
Closes-Bug: #1785164

Changed in keystone:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-08-07: Related fix merged to keystone (master)

Reviewed: https://review.openstack.org/589241
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=7eace83c60c36b3e066e0082937b73d1e7fbf20e
Submitter: Zuul
Branch: master

commit 7eace83c60c36b3e066e0082937b73d1e7fbf20e
Author: Lance Bragstad <email address hidden>
Date: Mon Aug 6 17:43:49 2018 +0000

Add a release note for bug 1785164

Change-Id: I72f090b02aab8cf8b5b3d0b3c71f6a0169de9931
Related-Bug: 1785164

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-08-09: Fix included in openstack/keystone 14.0.0.0rc1

This issue was fixed in the openstack/keystone 14.0.0.0rc1 release candidate.

Lance Bragstad (lbragstad) on 2019-01-28

Changed in keystone:
milestone:	none → rocky-rc1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.