Python client library for Keystone

keystone endpoint-create doesn't validate input

Reported by Dan Yocum on 2012-11-19
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
python-keystoneclient
Medium
Harshavardhan Reddy M

Bug Description

Hi,

In ESSEX it is possible to break access to horizon (and probably other things) when attempting to manually create an invalid endpoint using 'keystone endpoint-create ...' with the wrong CLI options and possibly the wrong values passed to those options.

For instance, I created an incompletely endpoint thusly (note: no publicurl, adminurl, and internalurl):

keystone endpoint-create --region RegionOne --service_id 6a0447de95554667
8dac94324c394956

This immediately denied me and others access to the horizon dashboard because the endpoint was invalid. Luckily, issuing 'keystone endpoint-delete <uuid of invalid endpoint>' immediately restored access.

This is a case of poor input validation.

Dan

Alan Pevec (apevec) on 2012-11-20
affects: keystone → python-keystoneclient
Changed in python-keystoneclient:
status: New → Invalid
status: Invalid → New
Changed in python-keystoneclient:
assignee: nobody → Harshavardhan Reddy M (hvreddy1110)
Changed in python-keystoneclient:
status: New → In Progress

Hi Dan,

In the latest release this issue is not there.

Can you please check once again.

Thank You.

Dolph Mathews (dolph) on 2013-05-29
Changed in python-keystoneclient:
status: In Progress → Incomplete
importance: Undecided → Medium

Issue is not there in grizzly.every thing seems to work as expected.
So shall we move this bug to invalid as it is not reprodused on latest(grizzly) release?.

Thank You,

Regards
Harsha

Dolph Mathews (dolph) wrote :

Yes, thanks for the feedback!

Changed in python-keystoneclient:
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers