yahoo-eng-team team mailing list archive
Message #63645
[Bug 1686729] [NEW] Creating object storage container causes user to be logged out
Public bug reported:

Version = openstack-dashboard 3:11.0.1-0ubuntu1~cloud0
Ceph version = 10.2.7

When using the Ceph RGW Swift interface for OpenStack and the OpenStack
dashboard version above to create a Swift container, the dashboard does a
number of curl requests to check if the bucket name already exists, to
prevent the user from trying to create a bucket with the same name as an
existing bucket.

In most cases this works as expected; however, if I try to create a
bucket that starts with the same name as an existing bucket that has the
ACL set to private, I am unexpectedly logged out of the dashboard.

In my tests I have OpenStack user 'paul' and project 'paul' that owns a
private Swift bucket called 'paul'.

I then, as a second user 'sean' and project 'sean', try to create a Swift
container called 'paul1'. This results in me getting logged out of
the dashboard. The log below shows what happens when I try to create
this bucket:

```
REQ: curl -i https://rgw.domain.com/swift/v1/p/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 400 Bad Request
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:01 GMT', u'Content-Length': u'17', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: InvalidBucketName
REQ: curl -i https://rgw.domain.com/swift/v1/pa/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 400 Bad Request
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:02 GMT', u'Content-Length': u'17', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: InvalidBucketName
REQ: curl -i https://rgw.domain.com/swift/v1/pau/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 404 Not Found
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:04 GMT', u'Content-Length': u'12', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: NoSuchBucket
REQ: curl -i https://rgw.domain.com/swift/v1/paul/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 401 Unauthorized
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:04 GMT', u'Content-Length': u'12', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: AccessDenied
Logging out user "sean
```

As you can see, this works until the 401 is received by Horizon from the
RGW when checking bucket 'paul'. I believe this is because the ACL of
bucket 'paul' (created by user 'paul') is set to private, as I don't have
the same issue when the ACL is set to public or when the ACL is private and
I try to create the bucket 'paul1' as the user 'paul'.

** Affects: horizon
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1686729
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1686729/+subscriptions
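
As an added example (not from the report or from Horizon's code), the following Python parses log lines in the format quoted in the report and returns which container probe immediately preceded each logout. The triage labels in `classify` are assumptions that follow the reporter's reading of the responses, and the sample log is constructed from lines in the report with the headers omitted.

```python
import re

# Constructed sample in the format of the log quoted in the report
# (RESP HEADERS lines omitted, token already hidden).
SAMPLE_LOG = '''\
REQ: curl -i https://rgw.domain.com/swift/v1/pau/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 404 Not Found
RESP BODY: NoSuchBucket
REQ: curl -i https://rgw.domain.com/swift/v1/paul/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 401 Unauthorized
RESP BODY: AccessDenied
Logging out user "sean
'''

REQ_RE = re.compile(r'^REQ: curl -i (\S+) -X (\w+)')
STATUS_RE = re.compile(r'^RESP STATUS: (\d{3})')
BODY_RE = re.compile(r'^RESP BODY: (.*)$')
LOGOUT_RE = re.compile(r'^Logging out user "([^"\s]+)')


def classify(status, body):
    """Hypothetical triage labels, following the reporter's reading of the log."""
    if status == 401 and body == "AccessDenied":
        # Body says AccessDenied: read here as an ACL denial on the container.
        return "denied-on-container"
    if status == 401:
        return "token-rejected"
    if status == 404:
        return "name-free"
    if status == 400:
        return "name-invalid"
    return "exists" if 200 <= status < 300 else "other"


def find_logout_triggers(log_text):
    """Return (user, url, label) for each logout that directly follows a probe."""
    findings, last = [], None
    for line in log_text.splitlines():
        if m := REQ_RE.match(line):
            last = {"url": m.group(1), "status": None, "body": ""}
        elif last and (m := STATUS_RE.match(line)):
            last["status"] = int(m.group(1))
        elif last and (m := BODY_RE.match(line)):
            last["body"] = m.group(1).strip()
        elif (m := LOGOUT_RE.match(line)) and last and last["status"]:
            findings.append((m.group(1), last["url"],
                             classify(last["status"], last["body"])))
            last = None
    return findings
```

A `denied-on-container` finding next to a logout marks a session that ended on a per-container denial rather than on a rejected token, which is the pattern this report describes.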