keystone endpoint-create doesn't validate input
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-keystoneclient |
Invalid
|
Medium
|
Harshavardhan Reddy M |
Bug Description
Hi,
In ESSEX it is possible to break access to horizon (and probably other things) when attempting to manually create an invalid endpoint using 'keystone endpoint-create ...' with the wrong CLI options and possibly the wrong values passed to those options.
For instance, I created an incompletely endpoint thusly (note: no publicurl, adminurl, and internalurl):
keystone endpoint-create --region RegionOne --service_id 6a0447de95554667
8dac94324c394956
This immediately denied me and others access to the horizon dashboard because the endpoint was invalid. Luckily, issuing 'keystone endpoint-delete <uuid of invalid endpoint>' immediately restored access.
This is a case of poor input validation.
Dan
affects: | keystone → python-keystoneclient |
Changed in python-keystoneclient: | |
status: | New → Invalid |
status: | Invalid → New |
Changed in python-keystoneclient: | |
assignee: | nobody → Harshavardhan Reddy M (hvreddy1110) |
Changed in python-keystoneclient: | |
status: | New → In Progress |
Changed in python-keystoneclient: | |
status: | In Progress → Incomplete |
importance: | Undecided → Medium |
Hi Dan,
In the latest release this issue is not there.
Can you please check once again.
Thank You.