yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1656266] [NEW] A member can be created successfully with any value of <MEMBER_ID> parameter without any error

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Kanika Singh <kanikasingh.1490@xxxxxxxxx>
Date: Fri, 13 Jan 2017 10:29:46 -0000
Reply-to: Bug 1656266 <1656266@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Logically, MEMBER_ID should be the tenant_id that has to be added as a
member. But in this case, MEMBER_ID parameter is not verified for
existance. One can give any value as MEMBER_ID, database entry will be
created for the specified value.

eg:

[root@controller ~(keystone_admin)]# glance member-create c03908a7-6166-4b2f-974e-ae9aa60f5472 abc
+--------------------------------------+----------------------------------+---------+
| Image ID                             | Member ID                        | Status  |
+--------------------------------------+----------------------------------+---------+
| c03908a7-6166-4b2f-974e-ae9aa60f5472 | abc                              | pending |
+--------------------------------------+----------------------------------+---------+


This happens because there is no check for the validity of MEMBER_ID. The value is passed as it is given in the command.

There should be a feature to fetch tenant list and validate the entered
value of MEMBER_ID in create() method in glance/api/v2/image_members.py
file.

** Affects: glance
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1656266

Title:
  A member can be created successfully with any value of <MEMBER_ID>
  parameter without any error

Status in Glance:
  New

Bug description:
  Logically, MEMBER_ID should be the tenant_id that has to be added as a
  member. But in this case, MEMBER_ID parameter is not verified for
  existance. One can give any value as MEMBER_ID, database entry will be
  created for the specified value.

  eg:

  [root@controller ~(keystone_admin)]# glance member-create c03908a7-6166-4b2f-974e-ae9aa60f5472 abc
  +--------------------------------------+----------------------------------+---------+
  | Image ID                             | Member ID                        | Status  |
  +--------------------------------------+----------------------------------+---------+
  | c03908a7-6166-4b2f-974e-ae9aa60f5472 | abc                              | pending |
  +--------------------------------------+----------------------------------+---------+

  
  This happens because there is no check for the validity of MEMBER_ID. The value is passed as it is given in the command.

  There should be a feature to fetch tenant list and validate the
  entered value of MEMBER_ID in create() method in
  glance/api/v2/image_members.py file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1656266/+subscriptions