yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #24855
[Bug 1396228] [NEW] Keystone V3 query REST API returns all rows when using a display_name not in the database
Public bug reported:
Summary:
When using the openstack CLI with V3 keystone API to query for a keystone service, user or group (probably others too), if there is one row, it is returned, even if it doesn't match the query. The API appears to return exactly the one row if there is a hit, but all rows if there is a miss.
This appears to affect the V3 API. If I use the same client with a v2.0
keystone endpoint, the problem isn't there.
Details:
Using Juno release on Ubuntu 14.04
Client version: 0.3.0
Server version: Keystone: 1:2014.2-0ubuntu1~cloud0
Using v3 keystone API
More Details (warnings and info have been removed)
$ openstack service list
+----------------------------------+----------+----------+---------+
| ID | Name | Type | Enabled |
+----------------------------------+----------+----------+---------+
| 3e67652d047f4e409eef78d7128047d2 | keystone | identity | True |
+----------------------------------+----------+----------+---------+
$ openstack service show non-existent-service
+-------------+------------------------------------------------------------------------------------+
| Field | Value |
+-------------+------------------------------------------------------------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 3e67652d047f4e409eef78d7128047d2 |
| links | {u'self': u'http://controller:35357/v3/services/3e67652d047f4e409eef78d7128047d2'} |
| name | keystone |
| type | identity |
+-------------+------------------------------------------------------------------------------------+
# Note how it returns the keystone service
$ openstack service create --name test test
+---------+------------------------------------------------------------------------------------+
| Field | Value |
+---------+------------------------------------------------------------------------------------+
| enabled | True |
| id | da518fb9a75c4f619f5010fc8b9884b1 |
| links | {u'self': u'http://controller:35357/v3/services/da518fb9a75c4f619f5010fc8b9884b1'} |
| name | test |
| type | test |
+---------+------------------------------------------------------------------------------------+
$ openstack service list
+----------------------------------+----------+----------+---------+
| ID | Name | Type | Enabled |
+----------------------------------+----------+----------+---------+
| 3e67652d047f4e409eef78d7128047d2 | keystone | identity | True |
| da518fb9a75c4f619f5010fc8b9884b1 | test | test | True |
+----------------------------------+----------+----------+---------+
$ openstack service show non-existent-service
ERROR: openstack No service with a name or ID of 'non-existent-service' exists.
More details:
$ openstack user list
INFO: urllib3.connectionpool Starting new HTTP connection (1): controller
INFO: urllib3.connectionpool Starting new HTTP connection (1): controller
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 2581bd935d714ccda0b21c7f1a28deac | admin |
+----------------------------------+-------+
$ openstack -v user show non-existent-user
[some output removed]
DEBUG: urllib3.connectionpool "GET /v3/users?display_name=non-existent-user HTTP/1.1" 200 392
DEBUG: keystoneclient.session RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 16:00:01 GMT', 'vary': 'X-Auth-Token', 'content-length': '392', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'})
RESP BODY: {"users": [{"domain_id": "default", "name": "admin", "links": {"self": "http://controller:35357/v3/users/2581bd935d714ccda0b21c7f1a28deac"}, "id": "2581bd935d714ccda0b21c7f1a28deac", "enabled": true, "email": null, "default_project_id": "8397dc1d021e4eddbff77eca807a1555"}], "links": {"self": "http://controller:35357/v3/users?display_name=non-existent-user", "previous": null, "next": null}}
+--------------------+---------------------------------------------------------------------------------+
| Field | Value |
+--------------------+---------------------------------------------------------------------------------+
| default_project_id | 8397dc1d021e4eddbff77eca807a1555 |
| domain_id | default |
| email | None |
| enabled | True |
| id | 2581bd935d714ccda0b21c7f1a28deac |
| links | {u'self': u'http://controller:35357/v3/users/2581bd935d714ccda0b21c7f1a28deac'} |
| name | admin |
+--------------------+---------------------------------------------------------------------------------+
$ openstack user create test
INFO: urllib3.connectionpool Starting new HTTP connection (1): controller
WARNING: keystoneclient.utils create takes at most 1 positional argument (2 given)
INFO: urllib3.connectionpool Starting new HTTP connection (1): controller
+-----------+---------------------------------------------------------------------------------+
| Field | Value |
+-----------+---------------------------------------------------------------------------------+
| domain_id | default |
| enabled | True |
| id | d70192399e6a4b1cb3f0b91a1002cccf |
| links | {u'self': u'http://controller:35357/v3/users/d70192399e6a4b1cb3f0b91a1002cccf'} |
| name | test |
+-----------+---------------------------------------------------------------------------------+
$ openstack -v user show non-existent-user
[some output removed]
DEBUG: urllib3.connectionpool "GET /v3/users?display_name=non-existent-user HTTP/1.1" 200 581
DEBUG: keystoneclient.session RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 16:01:24 GMT', 'vary': 'X-Auth-Token', 'content-length': '581', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'})
RESP BODY: {"users": [{"domain_id": "default", "name": "admin", "links": {"self": "http://controller:35357/v3/users/2581bd935d714ccda0b21c7f1a28deac"}, "id": "2581bd935d714ccda0b21c7f1a28deac", "enabled": true, "email": null, "default_project_id": "8397dc1d021e4eddbff77eca807a1555"}, {"name": "test", "links": {"self": "http://controller:35357/v3/users/d70192399e6a4b1cb3f0b91a1002cccf"}, "enabled": true, "id": "d70192399e6a4b1cb3f0b91a1002cccf", "domain_id": "default"}], "links": {"self": "http://controller:35357/v3/users?display_name=non-existent-user", "previous": null, "next": null}}
ERROR: openstack No user with a name or ID of 'non-existent-user' exists.
DEBUG: openstackclient.shell clean_up ShowUser
DEBUG: openstackclient.shell got an error: No user with a name or ID of 'non-existent-user' exists.
$ openstack -v user show test
[some output removed]
DEBUG: urllib3.connectionpool "GET /v3/users?name=test HTTP/1.1" 200 297
DEBUG: keystoneclient.session RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 16:09:15 GMT', 'vary': 'X-Auth-Token', 'content-length': '297', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'})
RESP BODY: {"users": [{"name": "test", "links": {"self": "http://controller:35357/v3/users/d70192399e6a4b1cb3f0b91a1002cccf"}, "enabled": true, "id": "d70192399e6a4b1cb3f0b91a1002cccf", "domain_id": "default"}], "links": {"self": "http://controller:35357/v3/users?name=test", "previous": null, "next": null}}
+-----------+---------------------------------------------------------------------------------+
| Field | Value |
+-----------+---------------------------------------------------------------------------------+
| domain_id | default |
| enabled | True |
| id | d70192399e6a4b1cb3f0b91a1002cccf |
| links | {u'self': u'http://controller:35357/v3/users/d70192399e6a4b1cb3f0b91a1002cccf'} |
| name | test |
+-----------+---------------------------------------------------------------------------------+
Another example:
$ openstack group list
[it's empty]
$ openstack group create foo
+-------------+----------------------------------------------------------------------------------+
| Field | Value |
+-------------+----------------------------------------------------------------------------------+
| description | |
| domain_id | default |
| id | 196a166fb05b47c594b7a3ff76738787 |
| links | {u'self': u'http://controller:35357/v3/groups/196a166fb05b47c594b7a3ff76738787'} |
| name | foo |
+-------------+----------------------------------------------------------------------------------+
$ openstack group show bar
+-------------+----------------------------------------------------------------------------------+
| Field | Value |
+-------------+----------------------------------------------------------------------------------+
| description | |
| domain_id | default |
| id | 196a166fb05b47c594b7a3ff76738787 |
| links | {u'self': u'http://controller:35357/v3/groups/196a166fb05b47c594b7a3ff76738787'} |
| name | foo |
+-------------+----------------------------------------------------------------------------------+
$ openstack group delete foo
$ openstack group show bar
ERROR: openstack No group with a name or ID of 'bar' exists.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1396228
Title:
Keystone V3 query REST API returns all rows when using a display_name
not in the database
Status in OpenStack Identity (Keystone):
New
Bug description:
Summary:
When using the openstack CLI with V3 keystone API to query for a keystone service, user or group (probably others too), if there is one row, it is returned, even if it doesn't match the query. The API appears to return exactly the one row if there is a hit, but all rows if there is a miss.
This appears to affect the V3 API. If I use the same client with a
v2.0 keystone endpoint, the problem isn't there.
Details:
Using Juno release on Ubuntu 14.04
Client version: 0.3.0
Server version: Keystone: 1:2014.2-0ubuntu1~cloud0
Using v3 keystone API
More Details (warnings and info have been removed)
$ openstack service list
+----------------------------------+----------+----------+---------+
| ID | Name | Type | Enabled |
+----------------------------------+----------+----------+---------+
| 3e67652d047f4e409eef78d7128047d2 | keystone | identity | True |
+----------------------------------+----------+----------+---------+
$ openstack service show non-existent-service
+-------------+------------------------------------------------------------------------------------+
| Field | Value |
+-------------+------------------------------------------------------------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 3e67652d047f4e409eef78d7128047d2 |
| links | {u'self': u'http://controller:35357/v3/services/3e67652d047f4e409eef78d7128047d2'} |
| name | keystone |
| type | identity |
+-------------+------------------------------------------------------------------------------------+
# Note how it returns the keystone service
$ openstack service create --name test test
+---------+------------------------------------------------------------------------------------+
| Field | Value |
+---------+------------------------------------------------------------------------------------+
| enabled | True |
| id | da518fb9a75c4f619f5010fc8b9884b1 |
| links | {u'self': u'http://controller:35357/v3/services/da518fb9a75c4f619f5010fc8b9884b1'} |
| name | test |
| type | test |
+---------+------------------------------------------------------------------------------------+
$ openstack service list
+----------------------------------+----------+----------+---------+
| ID | Name | Type | Enabled |
+----------------------------------+----------+----------+---------+
| 3e67652d047f4e409eef78d7128047d2 | keystone | identity | True |
| da518fb9a75c4f619f5010fc8b9884b1 | test | test | True |
+----------------------------------+----------+----------+---------+
$ openstack service show non-existent-service
ERROR: openstack No service with a name or ID of 'non-existent-service' exists.
More details:
$ openstack user list
INFO: urllib3.connectionpool Starting new HTTP connection (1): controller
INFO: urllib3.connectionpool Starting new HTTP connection (1): controller
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 2581bd935d714ccda0b21c7f1a28deac | admin |
+----------------------------------+-------+
$ openstack -v user show non-existent-user
[some output removed]
DEBUG: urllib3.connectionpool "GET /v3/users?display_name=non-existent-user HTTP/1.1" 200 392
DEBUG: keystoneclient.session RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 16:00:01 GMT', 'vary': 'X-Auth-Token', 'content-length': '392', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'})
RESP BODY: {"users": [{"domain_id": "default", "name": "admin", "links": {"self": "http://controller:35357/v3/users/2581bd935d714ccda0b21c7f1a28deac"}, "id": "2581bd935d714ccda0b21c7f1a28deac", "enabled": true, "email": null, "default_project_id": "8397dc1d021e4eddbff77eca807a1555"}], "links": {"self": "http://controller:35357/v3/users?display_name=non-existent-user", "previous": null, "next": null}}
+--------------------+---------------------------------------------------------------------------------+
| Field | Value |
+--------------------+---------------------------------------------------------------------------------+
| default_project_id | 8397dc1d021e4eddbff77eca807a1555 |
| domain_id | default |
| email | None |
| enabled | True |
| id | 2581bd935d714ccda0b21c7f1a28deac |
| links | {u'self': u'http://controller:35357/v3/users/2581bd935d714ccda0b21c7f1a28deac'} |
| name | admin |
+--------------------+---------------------------------------------------------------------------------+
$ openstack user create test
INFO: urllib3.connectionpool Starting new HTTP connection (1): controller
WARNING: keystoneclient.utils create takes at most 1 positional argument (2 given)
INFO: urllib3.connectionpool Starting new HTTP connection (1): controller
+-----------+---------------------------------------------------------------------------------+
| Field | Value |
+-----------+---------------------------------------------------------------------------------+
| domain_id | default |
| enabled | True |
| id | d70192399e6a4b1cb3f0b91a1002cccf |
| links | {u'self': u'http://controller:35357/v3/users/d70192399e6a4b1cb3f0b91a1002cccf'} |
| name | test |
+-----------+---------------------------------------------------------------------------------+
$ openstack -v user show non-existent-user
[some output removed]
DEBUG: urllib3.connectionpool "GET /v3/users?display_name=non-existent-user HTTP/1.1" 200 581
DEBUG: keystoneclient.session RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 16:01:24 GMT', 'vary': 'X-Auth-Token', 'content-length': '581', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'})
RESP BODY: {"users": [{"domain_id": "default", "name": "admin", "links": {"self": "http://controller:35357/v3/users/2581bd935d714ccda0b21c7f1a28deac"}, "id": "2581bd935d714ccda0b21c7f1a28deac", "enabled": true, "email": null, "default_project_id": "8397dc1d021e4eddbff77eca807a1555"}, {"name": "test", "links": {"self": "http://controller:35357/v3/users/d70192399e6a4b1cb3f0b91a1002cccf"}, "enabled": true, "id": "d70192399e6a4b1cb3f0b91a1002cccf", "domain_id": "default"}], "links": {"self": "http://controller:35357/v3/users?display_name=non-existent-user", "previous": null, "next": null}}
ERROR: openstack No user with a name or ID of 'non-existent-user' exists.
DEBUG: openstackclient.shell clean_up ShowUser
DEBUG: openstackclient.shell got an error: No user with a name or ID of 'non-existent-user' exists.
$ openstack -v user show test
[some output removed]
DEBUG: urllib3.connectionpool "GET /v3/users?name=test HTTP/1.1" 200 297
DEBUG: keystoneclient.session RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 16:09:15 GMT', 'vary': 'X-Auth-Token', 'content-length': '297', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'})
RESP BODY: {"users": [{"name": "test", "links": {"self": "http://controller:35357/v3/users/d70192399e6a4b1cb3f0b91a1002cccf"}, "enabled": true, "id": "d70192399e6a4b1cb3f0b91a1002cccf", "domain_id": "default"}], "links": {"self": "http://controller:35357/v3/users?name=test", "previous": null, "next": null}}
+-----------+---------------------------------------------------------------------------------+
| Field | Value |
+-----------+---------------------------------------------------------------------------------+
| domain_id | default |
| enabled | True |
| id | d70192399e6a4b1cb3f0b91a1002cccf |
| links | {u'self': u'http://controller:35357/v3/users/d70192399e6a4b1cb3f0b91a1002cccf'} |
| name | test |
+-----------+---------------------------------------------------------------------------------+
Another example:
$ openstack group list
[it's empty]
$ openstack group create foo
+-------------+----------------------------------------------------------------------------------+
| Field | Value |
+-------------+----------------------------------------------------------------------------------+
| description | |
| domain_id | default |
| id | 196a166fb05b47c594b7a3ff76738787 |
| links | {u'self': u'http://controller:35357/v3/groups/196a166fb05b47c594b7a3ff76738787'} |
| name | foo |
+-------------+----------------------------------------------------------------------------------+
$ openstack group show bar
+-------------+----------------------------------------------------------------------------------+
| Field | Value |
+-------------+----------------------------------------------------------------------------------+
| description | |
| domain_id | default |
| id | 196a166fb05b47c594b7a3ff76738787 |
| links | {u'self': u'http://controller:35357/v3/groups/196a166fb05b47c594b7a3ff76738787'} |
| name | foo |
+-------------+----------------------------------------------------------------------------------+
$ openstack group delete foo
$ openstack group show bar
ERROR: openstack No group with a name or ID of 'bar' exists.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1396228/+subscriptions
Follow ups
References