← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #32189

[Bug 1446834] [NEW] Project tree cycle checking logic is broken

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The keystone.resource.backends.sql.Resource.list_projects_in_subtree
method tries to check for cycles in the project hierarchy [1]. It's
doing it wrong. This was not caught because there are no tests for it
because you can't actually create cycles through the API.

There are two things we can do here:

1. Be satisfied that we don't allow cycles and remove the checks
2. Fix then and mock out the tests to fabricate cycles

[1]
https://github.com/openstack/keystone/blob/master/keystone/resource/backends/sql.py#L97

** Affects: keystone
     Importance: Undecided
     Assignee: David Stanek (dstanek)
         Status: Confirmed

** Description changed:

  The keystone.resource.backends.sql.Resource.list_projects_in_subtree
  method tries to check for cycles in the project hierarchy. It's doing it
  wrong. This was not caught because there are no tests for it because you
  can't actually create cycles through the API.
  
  There are two things we can do here:
  
  1. Be satisfied that we don't allow cycles and remove the checks
  2. Fix then and mock out the tests to fabricate cycles
+ 
+ Specific problems:
+ 
+ bug1: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/resource/backends/sql.py#n97
+   - not creating a set properly
+ 
+ ug2: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/resource/backends/sql.py#n109
+   - set.union returns a new set; should be set.update()

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1446834

Title:
  Project tree cycle checking logic is broken

Status in OpenStack Identity (Keystone):
  Confirmed

Bug description:
  The keystone.resource.backends.sql.Resource.list_projects_in_subtree
  method tries to check for cycles in the project hierarchy [1]. It's
  doing it wrong. This was not caught because there are no tests for it
  because you can't actually create cycles through the API.

  There are two things we can do here:

  1. Be satisfied that we don't allow cycles and remove the checks
  2. Fix then and mock out the tests to fabricate cycles

  [1]
  https://github.com/openstack/keystone/blob/master/keystone/resource/backends/sql.py#L97

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1446834/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next