yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1231497] Re: v2 member-create call allows adding an empty tenantId as member

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 02 Oct 2013 15:46:30 -0000
Reply-to: Bug 1231497 <1231497@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: glance
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1231497

Title:
  v2 member-create call allows adding an empty tenantId as member

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released

Bug description:
  This happens with API calls only, the python-glanceclient does not
  allow it.

  Note the request payload in this request:

   curl -i -X POST -H "X-Auth-Token: $AUTH_TOKEN" \
  >   -H 'Content-Type: application/json' \
  >   -d '{ "member": "" }' \
  >   http://$GLANCE/v2/images/$IMG/members

  Response:
  HTTP/1.1 200 OK
  Content-Length: 198
  Content-Type: application/json; charset=UTF-8
  X-Openstack-Request-Id: req-54621fca-efc0-4800-a2d0-f25a4ee4671d
  Date: Thu, 26 Sep 2013 14:43:25 GMT

  {"status": "pending", "created_at": "2013-09-26T14:43:25Z",
  "updated_at": "2013-09-26T14:43:25Z", "image_id": "4551c8ab-ab07-4d4b-
  88f0-97be88f1c09b", "member_id": "", "schema": "/v2/schemas/member"}

  demo! curl -X GET -H "X-Auth-Token: $AUTH_TOKEN"   -H 'Content-Type: application/json'   http://$GLANCE/v2/images/$IMG/members | python -m json.tool
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                   Dload  Upload   Total   Spent    Left  Speed
  100   478  100   478    0     0  16296      0 --:--:-- --:--:-- --:--:-- 17071
  {
      "members": [
          {
              "created_at": "2013-09-26T14:43:25Z",
              "image_id": "4551c8ab-ab07-4d4b-88f0-97be88f1c09b",
              "member_id": "",
              "schema": "/v2/schemas/member",
              "status": "pending",
              "updated_at": "2013-09-26T14:43:25Z"
          },
          {
              "created_at": "2013-09-20T21:16:21Z",
              "image_id": "4551c8ab-ab07-4d4b-88f0-97be88f1c09b",
              "member_id": "8989447062e04a818baf9e073fd04fa7",
              "schema": "/v2/schemas/member",
              "status": "pending",
              "updated_at": "2013-09-20T21:16:21Z"
          }
      ],
      "schema": "/v2/schemas/members"
  }

  Problem is that because of the structure of the delete call, you can't delete such an image member:
  DELETE http://$GLANCE/v2/images/$IMG/members/$CONSUMER

  Workaround is that this doesn't match any tenant IDs, so it has no
  effect, it just takes up space.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1231497/+subscriptions