yahoo-eng-team team mailing list archive

[Bug 1167593] Re: 400 Bad Request not raised for string values of 'enabled'

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => havana-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1167593

Title:
  400 Bad Request not raised for string values of 'enabled'

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  Some time between folsom and grizzly, the type of the enabled field in
  the keystone project table was changed from string (u'true'/u'false')
  to boolean (1/0), which is a good thing. However, before, the API
  accepted a POST call to /v2.0/tenants with a json payload containing

    "enabled": "true"

  Using the same payload now results in an invalid SQL query:

    ERROR invalid literal for int() with base 10: 'true' (original
  cause: ValueError: invalid literal for int() with base 10: 'true')
  'INSERT INTO project (id, name, domain_id, description, enabled,
  extra) VALUES (%s, %s, %s, %s, %s, %s)' [{'description': None,
  'extra': {}, 'enabled': u'true', 'id':
  'bf9788701b0e46139f9d5e71ccc58bdf', 'domain_id': 'default', 'name':
  u'service'}]

  The solution is to use

    "enabled": "1"

  as the JSON payload. IMHO this is a bug, since:

  1) A formerly valid way to use the API does not work anymore, without a change in the API version number.
  2) The string 'true' is passed to the SQL statement without any validation. In fact, any string I put in the JSON is given straight to the database. I haven't tried to do SQL injection though, since I don't want to destroy my DB.
  3) The error message should really be improved. IMHO, there should be no 500 internal server errors originating from invalid SQL caused by invalid use of the API at all.

  Btw. The same happens for user creation on POST /v2.0/users.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1167593/+subscriptions
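
The validation gap described in the bug report above, shown as an added example that is not part of the original notification and is not Keystone's own code: a request-parsing step that type-checks 'enabled' and answers 400 before anything reaches the INSERT. The names BadRequest, parse_tenant_create and status_for, the "tenant" wrapper object, and the default of True for an omitted 'enabled' are assumptions of this sketch.

```python
import json


class BadRequest(Exception):
    """Hypothetical exception that the API layer maps to HTTP 400."""
    status = 400


def parse_tenant_create(body):
    """Validate a POST /v2.0/tenants body before it reaches the database layer."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise BadRequest("body is not valid JSON") from exc

    # Assumption: the payload wraps its fields in a "tenant" object.
    tenant = doc.get("tenant") if isinstance(doc, dict) else None
    if not isinstance(tenant, dict):
        raise BadRequest("missing 'tenant' object")

    name = tenant.get("name")
    if not isinstance(name, str) or not name.strip():
        raise BadRequest("'name' must be a non-empty string")

    # Assumption: an omitted 'enabled' defaults to True in this sketch.
    enabled = tenant.get("enabled", True)
    # Exact type check: "true", "1", the integer 1 and null are all rejected,
    # so only a real boolean can become the 'enabled' bind parameter.
    # isinstance(enabled, int) would be wrong here because bool subclasses int.
    if type(enabled) is not bool:
        raise BadRequest(
            "'enabled' must be a JSON boolean, got %s" % type(enabled).__name__
        )
    return {"name": name, "enabled": enabled}


def status_for(body):
    """Return the HTTP status this sketch would answer with for a request body."""
    try:
        parse_tenant_create(body)
    except BadRequest as exc:
        return exc.status
    return 200


if __name__ == "__main__":
    # Constructed sample bodies, modelled on the payloads quoted in the report.
    for value in ('"true"', '"1"', "1", "null", "true", "false"):
        body = '{"tenant": {"name": "service", "enabled": %s}}' % value
        print(value, "->", status_for(body))
```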