Ubuntu

Object references not validated (returning 500 instead of 404)

Reported by Dolph Mathews on 2012-03-23
58
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Keystone
Medium
Dolph Mathews
keystone (Ubuntu)
Medium
Dolph Mathews
Precise
Undecided
Unassigned

Bug Description

User-specified object references are (with a few recent exceptions) not validated within keystone, resulting in a poor user experience.

This has resulted in:
 - keystone is storing bad data, resulting in subtle/difficult to debug issues
 - Requests returning 500 instead of 404 with useful user-feedback (exceptions vary by backend)
- Several bug reports, including bug 956414 and bug 956417

Given invalid references, all keystoneclient commands should cause keystone to return keystone.exception.NotFound (which the client knows how to handle) with a message indicating what type of reference failed and how it was referenced.

The purpose of this bug is to track this issue in a central location, rather than in numerous disparate bugs.

Fix proposed to branch: master
Review: https://review.openstack.org/5734

Fix proposed to branch: master
Review: https://review.openstack.org/5785

Fix proposed to branch: master
Review: https://review.openstack.org/5786

Fix proposed to branch: master
Review: https://review.openstack.org/5787

Fix proposed to branch: master
Review: https://review.openstack.org/5788

Fix proposed to branch: master
Review: https://review.openstack.org/5789

Dolph Mathews (dolph) on 2012-03-26
tags: added: essex-rc-potential
Dolph Mathews (dolph) on 2012-03-27
Changed in keystone:
milestone: none → keystone-essex-rc2

Reviewed: https://review.openstack.org/5730
Committed: http://github.com/openstack/keystone/commit/19eb80bead361814a1955d0c0f12b17de5695dbe
Submitter: Jenkins
Branch: master

commit 19eb80bead361814a1955d0c0f12b17de5695dbe
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 09:10:59 2012 -0500

    role-crud 404 (bug 963056)

    role-get
    role-delete
    role-list

    Change-Id: I099b1e1e5bd2cd77a2ea3b72fb0f14b88a3af26e

Changed in keystone:
status: In Progress → Fix Committed
Changed in keystone:
status: Fix Committed → In Progress

Reviewed: https://review.openstack.org/5734
Committed: http://github.com/openstack/keystone/commit/5c8dcd2f2f1a7645f93f39c3f5784920e2099998
Submitter: Jenkins
Branch: master

commit 5c8dcd2f2f1a7645f93f39c3f5784920e2099998
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 10:23:06 2012 -0500

    tenant-crud 404 (bug 963056)

    tenant-get
    tenant-update
    tenant-delete

    Change-Id: I9e67cea985f546c9ddf6ce6d82a11486099bd524

Changed in keystone:
status: In Progress → Fix Committed
Changed in keystone:
status: Fix Committed → In Progress

Reviewed: https://review.openstack.org/5785
Committed: http://github.com/openstack/keystone/commit/16caf2083027eed84f042f7d2a97168e2f42a770
Submitter: Jenkins
Branch: master

commit 16caf2083027eed84f042f7d2a97168e2f42a770
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 10:46:16 2012 -0500

    user-crud 404 (bug 963056)

    user-create
    user-get
    user-list
    user-update
    user-update-password
    user-delete

    Change-Id: I7762aaaae9817ea7426039e4700e16b59e18cba1

Changed in keystone:
status: In Progress → Fix Committed
Changed in keystone:
status: Fix Committed → In Progress

Reviewed: https://review.openstack.org/5786
Committed: http://github.com/openstack/keystone/commit/a0b8f5412b69316611b009099151995714eabff4
Submitter: Jenkins
Branch: master

commit a0b8f5412b69316611b009099151995714eabff4
Author: Dolph Mathews <email address hidden>
Date: Sun Mar 25 11:18:29 2012 -0500

    service-crud 404 (bug 963056)

    service-delete
    service-get

    Change-Id: Ifecf4c74abf408b009a783a9d7be0e98219e0fe4

Changed in keystone:
status: In Progress → Fix Committed
Changed in keystone:
status: Fix Committed → In Progress

Reviewed: https://review.openstack.org/5789
Committed: http://github.com/openstack/keystone/commit/a9c6fb1d39f84f79f97333f59ef757cfd9dc8fd2
Submitter: Jenkins
Branch: master

commit a9c6fb1d39f84f79f97333f59ef757cfd9dc8fd2
Author: Dolph Mathews <email address hidden>
Date: Sun Mar 25 11:40:44 2012 -0700

    ec2-credential-crud 404 (bug 963056)

    ec2-credential-create
    ec2-credential-delete
    ec2-credential-get
    ec2-credential-list

    Change-Id: If8bfb77017f55c24738baf18b937c78b179831e5

Changed in keystone:
status: In Progress → Fix Committed
status: Fix Committed → In Progress

Reviewed: https://review.openstack.org/5788
Committed: http://github.com/openstack/keystone/commit/9e4fe654ed3f2fa4040ccbcd0ccc003f56f9bce2
Submitter: Jenkins
Branch: master

commit 9e4fe654ed3f2fa4040ccbcd0ccc003f56f9bce2
Author: Dolph Mathews <email address hidden>
Date: Sun Mar 25 12:03:26 2012 -0500

    user-role-crud 404 (bug 963056)

    user-role-add
    user-role-remove

    Change-Id: I1b3cd019d0d110b01ed175822cdd6c9ddb486412

Changed in keystone:
status: In Progress → Fix Committed
Changed in keystone:
status: Fix Committed → In Progress

Reviewed: https://review.openstack.org/5787
Committed: http://github.com/openstack/keystone/commit/9cf91c951ed74e245693ca1f1b3df8965484dc94
Submitter: Jenkins
Branch: master

commit 9cf91c951ed74e245693ca1f1b3df8965484dc94
Author: Dolph Mathews <email address hidden>
Date: Sun Mar 25 11:32:08 2012 -0500

    endpoint-crud 404 (bug 963056)

    endpoint-create
    endpoint-delete

    Change-Id: I70ae14ca385a0ed2d3438b8dc2f7ba93b91f400b

Changed in keystone:
status: In Progress → Fix Committed

Fix proposed to branch: master
Review: https://review.openstack.org/5919

Changed in keystone:
status: Fix Committed → In Progress

Fix proposed to branch: master
Review: https://review.openstack.org/5920

Thierry Carrez (ttx) on 2012-03-29
tags: removed: essex-rc-potential
Dolph Mathews (dolph) on 2012-03-29
Changed in keystone:
status: In Progress → Triaged
status: Triaged → Fix Committed
Thierry Carrez (ttx) wrote :

5919 and 5920 will be linked to another (Folsom) bug

Dolph Mathews (dolph) wrote :

Continuing performance/efficiency-related work in bug 968519 for folsom

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/6158

Reviewed: https://review.openstack.org/6151
Committed: http://github.com/openstack/keystone/commit/b56e32645fa88cd21f4b5289cfb68d51fcbf740c
Submitter: Jenkins
Branch: milestone-proposed

commit b56e32645fa88cd21f4b5289cfb68d51fcbf740c
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 09:10:59 2012 -0500

    role-crud 404 (bug 963056)

    role-get
    role-delete
    role-list

    Change-Id: I099b1e1e5bd2cd77a2ea3b72fb0f14b88a3af26e

Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) wrote :

6 more to go :)

Changed in keystone:
status: Fix Released → Fix Committed

Reviewed: https://review.openstack.org/6158
Committed: http://github.com/openstack/keystone/commit/d9959d85a759b4acdff52c25f20a9462d66b185d
Submitter: Jenkins
Branch: milestone-proposed

commit d9959d85a759b4acdff52c25f20a9462d66b185d
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 10:23:06 2012 -0500

    tenant-crud 404 (bug 963056)

    tenant-get
    tenant-update
    tenant-delete

    Change-Id: I9e67cea985f546c9ddf6ce6d82a11486099bd524

Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) wrote :

5 to go. Will do them in one squashed commit.

Changed in keystone:
status: Fix Released → Fix Committed

Reviewed: https://review.openstack.org/6160
Committed: http://github.com/openstack/keystone/commit/b1336b0a3921621741ff8ba2adbc44113357e175
Submitter: Jenkins
Branch: milestone-proposed

commit b1336b0a3921621741ff8ba2adbc44113357e175
Author: Dolph Mathews <email address hidden>
Date: Fri Mar 23 10:46:16 2012 -0500

    Validate object refs (return 404 instead of 500)

    Combined fix for bug 963056:
    user-crud 404
    service-crud 404
    ec2-credential-crud 404
    user-role-crud 404
    endpoint-crud 404

    Change-Id: I7762aaaae9817ea7426039e4700e16b59e18cba1

Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-04-05
Changed in keystone:
milestone: essex-rc2 → 2012.1
Chuck Short (zulcss) on 2012-05-28
affects: keystone → ubuntu
Changed in ubuntu:
milestone: 2012.1 → none
affects: ubuntu → keystone (Ubuntu)
Joseph Heck (heckj) on 2012-06-04
Changed in keystone:
status: New → Fix Released
status: Fix Released → Confirmed
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in keystone (Ubuntu Precise):
status: New → Confirmed
Dolph Mathews (dolph) on 2012-06-07
Changed in keystone:
assignee: nobody → Dolph Mathews (dolph)
Dolph Mathews (dolph) wrote :

This was fixed in keystone in the above series of changes, and continued / further improved in bug 968519.

Changed in keystone:
status: Confirmed → Fix Committed
Dolph Mathews (dolph) on 2012-07-16
Changed in keystone:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers