OpenStack Identity (keystone)

A non-existing tenant can be added to a user

Bug #1246473 reported by Brad Pokorny
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Brad Pokorny
OpenStack Identity (keystone) 2014.1 "icehouse"

Bug Description

1. Create a user without setting the tenantId.

2. Update this user with adding a non-existing tenantId property
http://10.1.0.99:35357/v2.0/users/354eb97979364a368602b7ebf6362617
{
    "user": {
    "name": "user1",
    "email": "<email address hidden>",
    "tenantId":"55555555555555",
    "pass": "passw0rd",
    "enabled": true
    }
}

Actual Results: The user gets updated with the non-existing tenantId successfully.
[root@vs10 ˜]# keystone user-get user1
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | <email address hidden> |
| enabled | True |
| id | 354eb97979364a368602b7ebf6362617 |
| name | user1 |
| pass | passw0rd |
| tenantId | 55555555555555 |
+----------+----------------------------------+

Expected Results: Updating the user with the non-existing tenantId should fail.

Note that if the user already has a tenantId assigned to it, updating with a non-existing tenantId will fail as expected.

Brad Pokorny (bpokorny)
Changed in keystone:
assignee: nobody → Brad Pokorny (bpokorny)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/54631

Changed in keystone:
status: New → In Progress
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/54631
Committed: http://github.com/openstack/keystone/commit/50d52538cf6128e4588bcce745dccb32a545e313
Submitter: Jenkins
Branch: master

commit 50d52538cf6128e4588bcce745dccb32a545e313
Author: Brad Pokorny <email address hidden>
Date: Wed Oct 30 21:14:29 2013 +0000

    Return an error when a non-existing tenant is added to a user

    Currently, if a user is created without a tenantId, adding a
    non-existing tenantId to that user succeeds. This change
    checks for whether the tenant exists in cases where the check
    was previously skipped.

    Closes-Bug: #1246473

    Change-Id: I2a814c5df902a97297ad05950ae4205664ddf6e6

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → icehouse-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: icehouse-1 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.