yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #09103
[Bug 1273988] [NEW] keystoneclient requires --pass to create user while keystone doesn't
Public bug reported:
name is required in REST API, but CLI requires an extra argument --pass
# uname -a
Linux havana 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
# keystone-manage --version
2013.2
# keystone --version
0.3.2
# curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" -d '{"user": {"name": "test-create"}}'
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 92
Date: Wed, 29 Jan 2014 07:27:09 GMT
{"user": {"enabled": true, "name": "test-create", "id":
"f23d8e2835a0491db1f13a313446768d"}}
# keystone user-create --name test-create
Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)
if keystone cli supports creating an user without pass, we can update
that user's password by:
# keystone user-password-update test-create --pass xxx
to verify this solution:
# keystone user-role-add --user test-create --tenant admin --role admin # can be other tenant and role
# keystone --os-username test-create --os-password xxx --os-tenant-name admin user-get test-create
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| enabled | True |
| id | f23d8e2835a0491db1f13a313446768d |
| name | test-create |
+----------+----------------------------------+
the problem is that
# keystone --debug user-create --name test-create
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
REQ: curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a"
REQ BODY: {"user": {"email": null, "password": null, "enabled": true, "name": "test-create", "tenantId": null}}
RESP: [400] CaseInsensitiveDict({'date': 'Wed, 29 Jan 2014 07:43:58 GMT', 'vary': 'X-Auth-Token', 'content-length': '236', 'content-type': 'application/json'})
RESP BODY: {"error": {"message": "Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
the server side can bare pass attribute is not set, but cannot accept it
is None....
we can fix this via set --pass to SUPRESS or update the server side
validation to treat None as not set and leave it blank in db backend, I
would prefer fix both side, since some user may claim such problem when
he try to send a rest.json={..., 'pass': null} to server.
ref:
https://github.com/openstack/keystone/blob/2013.2.1/keystone/common/utils.py#L100
** Affects: keystone
Importance: Undecided
Assignee: ZhiQiang Fan (aji-zqfan)
Status: New
** Affects: python-keystoneclient
Importance: Undecided
Assignee: ZhiQiang Fan (aji-zqfan)
Status: New
** Changed in: python-keystoneclient
Assignee: (unassigned) => ZhiQiang Fan (aji-zqfan)
** Also affects: keystone
Importance: Undecided
Status: New
** Changed in: keystone
Assignee: (unassigned) => ZhiQiang Fan (aji-zqfan)
** Description changed:
name is required in REST API, but CLI requires an extra argument --pass
+
+ # uname -a
+ Linux havana 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
+
+ # keystone-manage --version
+ 2013.2
# keystone --version
0.3.2
# curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" -d '{"user": {"name": "test-create"}}'
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 92
Date: Wed, 29 Jan 2014 07:27:09 GMT
{"user": {"enabled": true, "name": "test-create", "id":
"f23d8e2835a0491db1f13a313446768d"}}
# keystone user-create --name test-create
Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)
if keystone cli supports creating an user without pass, we can update
that user's password by:
# keystone user-password-update test-create --pass xxx
to verify this solution:
# keystone user-role-add --user test-create --tenant admin --role admin # can be other tenant and role
# keystone --os-username test-create --os-password xxx --os-tenant-name admin user-get test-create
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| enabled | True |
| id | f23d8e2835a0491db1f13a313446768d |
| name | test-create |
+----------+----------------------------------+
the problem is that
# keystone --debug user-create --name test-create
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
REQ: curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a"
REQ BODY: {"user": {"email": null, "password": null, "enabled": true, "name": "test-create", "tenantId": null}}
RESP: [400] CaseInsensitiveDict({'date': 'Wed, 29 Jan 2014 07:43:58 GMT', 'vary': 'X-Auth-Token', 'content-length': '236', 'content-type': 'application/json'})
RESP BODY: {"error": {"message": "Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
the server side can bare pass attribute is not set, but cannot accept it
is None....
we can fix this via set --pass to SUPRESS or update the server side
validation to treat None as not set and leave it blank in db backend, I
would prefer fix both side, since some user may claim such problem when
he try to send a rest.json={..., 'pass': null} to server.
ref:
https://github.com/openstack/keystone/blob/2013.2.1/keystone/common/utils.py#L100
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1273988
Title:
keystoneclient requires --pass to create user while keystone doesn't
Status in OpenStack Identity (Keystone):
New
Status in Python client library for Keystone:
New
Bug description:
name is required in REST API, but CLI requires an extra argument
--pass
# uname -a
Linux havana 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
# keystone-manage --version
2013.2
# keystone --version
0.3.2
# curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a" -d '{"user": {"name": "test-create"}}'
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 92
Date: Wed, 29 Jan 2014 07:27:09 GMT
{"user": {"enabled": true, "name": "test-create", "id":
"f23d8e2835a0491db1f13a313446768d"}}
# keystone user-create --name test-create
Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)
if keystone cli supports creating an user without pass, we can update
that user's password by:
# keystone user-password-update test-create --pass xxx
to verify this solution:
# keystone user-role-add --user test-create --tenant admin --role admin # can be other tenant and role
# keystone --os-username test-create --os-password xxx --os-tenant-name admin user-get test-create
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| enabled | True |
| id | f23d8e2835a0491db1f13a313446768d |
| name | test-create |
+----------+----------------------------------+
the problem is that
# keystone --debug user-create --name test-create
WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
REQ: curl -i -X POST http://160.132.0.17:35357/v2.0/users -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "X-Auth-Token: ac60d12b5b6c668f726a"
REQ BODY: {"user": {"email": null, "password": null, "enabled": true, "name": "test-create", "tenantId": null}}
RESP: [400] CaseInsensitiveDict({'date': 'Wed, 29 Jan 2014 07:43:58 GMT', 'vary': 'X-Auth-Token', 'content-length': '236', 'content-type': 'application/json'})
RESP BODY: {"error": {"message": "Expecting to find string in password. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.", "code": 400, "title": "Bad Request"}}
the server side can bare pass attribute is not set, but cannot accept
it is None....
we can fix this via set --pass to SUPRESS or update the server side
validation to treat None as not set and leave it blank in db backend,
I would prefer fix both side, since some user may claim such problem
when he try to send a rest.json={..., 'pass': null} to server.
ref:
https://github.com/openstack/keystone/blob/2013.2.1/keystone/common/utils.py#L100
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1273988/+subscriptions
Follow ups
References
