← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #37241

[Bug 1488715] [NEW] There is an unnecessary condition judgment at the keystone.token.controllers._get_project_id_from_auth function

  Thread PreviousDate PreviousThread Next 
Public bug reported:

At the keystone.token.controllers._get_project_id_from_auth function , the code about tenant_id judgment is unnecessary.
---
  def _get_project_id_from_auth(self, auth):
        """Extract tenant information from auth dict.

        Returns a valid tenant_id if it exists, or None if not specified.
        """
        tenant_id = auth.get('tenantId')
        if tenant_id and len(tenant_id) > CONF.max_param_size:
            raise exception.ValidationSizeError(attribute='tenantId',
                                                size=CONF.max_param_size)

        tenant_name = auth.get('tenantName')
        if tenant_name and len(tenant_name) > CONF.max_param_size:
            raise exception.ValidationSizeError(attribute='tenantName',
                                                size=CONF.max_param_size)

        if tenant_name:
            try:
                tenant_ref = self.resource_api.get_project_by_name(
                    tenant_name, CONF.identity.default_domain_id)
                tenant_id = tenant_ref['id']
            except exception.ProjectNotFound as e:
                raise exception.Unauthorized(e)
        return tenant_id
---

Because,the final tenant_id is got by the  self.resource_api.get_project_by_name, 
so if the  tenant_id that got from auth is invalid ,however if the tenant_id  can be got by the resource_api.get_project_by_name,
then the I think that the condition judgement about the tenant_id has negative impact.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1488715

Title:
  There is an unnecessary condition judgment at the
  keystone.token.controllers._get_project_id_from_auth function

Status in Keystone:
  New

Bug description:
  At the keystone.token.controllers._get_project_id_from_auth function , the code about tenant_id judgment is unnecessary.
  ---
    def _get_project_id_from_auth(self, auth):
          """Extract tenant information from auth dict.

          Returns a valid tenant_id if it exists, or None if not specified.
          """
          tenant_id = auth.get('tenantId')
          if tenant_id and len(tenant_id) > CONF.max_param_size:
              raise exception.ValidationSizeError(attribute='tenantId',
                                                  size=CONF.max_param_size)

          tenant_name = auth.get('tenantName')
          if tenant_name and len(tenant_name) > CONF.max_param_size:
              raise exception.ValidationSizeError(attribute='tenantName',
                                                  size=CONF.max_param_size)

          if tenant_name:
              try:
                  tenant_ref = self.resource_api.get_project_by_name(
                      tenant_name, CONF.identity.default_domain_id)
                  tenant_id = tenant_ref['id']
              except exception.ProjectNotFound as e:
                  raise exception.Unauthorized(e)
          return tenant_id
  ---

  Because,the final tenant_id is got by the  self.resource_api.get_project_by_name, 
  so if the  tenant_id that got from auth is invalid ,however if the tenant_id  can be got by the resource_api.get_project_by_name,
  then the I think that the condition judgement about the tenant_id has negative impact.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1488715/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next