yahoo-eng-team team mailing list archive

[Bug 1693498] [NEW] Credential list API returns list of available credentials when user passes invalid name as query parameter

 

Public bug reported:

In the credential list API, when a user passes the name query parameter
with an invalid value, it returns the list of all available credentials.

Steps to reproduce:

1. Curl Command
curl -g -i -X GET http://10.232.48.206/identity/v3/credentials?name=2dba5076c6f14c2ea6bf691e7d0ba71534333333 -H "User-Agent: python-keystoneclient" -H "Accept: application/json" -H "X-Auth-Token: fddae55403c247a1bb1ddc6751424c63"

2. Response
HTTP/1.1 200 OK
Date: Thu, 25 May 2017 11:40:57 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 410
x-openstack-request-id: req-4cfb95d7-6424-4151-819b-37d195e20b43
Connection: close

3. Output
{"credentials": [{"user_id": "8c3b0c35d48142b3a1b5078bb7abd203", "links": {"self": "http://10.232.48.206/identity/v3/credentials/52c7d4b344174e92b83a35e5cf873262"}, "blob": "test_data", "project_id": null, "type": "cert", "id": "52c7d4b344174e92b83a35e5cf873262"}], "links": {"self": "http://10.232.48.206/identity/v3/credentials?name=2dba5076c6f14c2ea6bf691e7d0ba71534333333", "previous": null, "next": null}}


In my opinion, to maintain consistency, the credential list API should return an empty list when an invalid query parameter is passed. The same issue is also present in the policy API.

master:
commit e171c7905556d372a236b227d4ef599ea3034920
Author: OpenStack Proposal Bot <openstack-infra@xxxxxxxxxxxxxxxxxxx>
Date:   Sat May 20 04:36:44 2017 +0000

** Affects: keystone
     Importance: Undecided
     Assignee: Pooja Jadhav (poojajadhav)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Pooja Jadhav (poojajadhav)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1693498

Title:
  Credential list API returns list of available credentials when user
  passes invalid name as query parameter

Status in OpenStack Identity (keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1693498/+subscriptions
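
A minimal model of the list-filtering behaviour reported above, beside the empty-list behaviour the reporter proposes. This is an added example, not keystone code and not part of the original bug report; the FILTERABLE set, the function names and the sample records are assumptions made for illustration.

```python
# Added illustration; not keystone code. Sample records are constructed,
# using the attribute names visible in the response quoted in the report.
CREDENTIALS = [
    {"id": "cred-a", "user_id": "user-1", "project_id": None,
     "type": "cert", "blob": "test_data"},
    {"id": "cred-b", "user_id": "user-2", "project_id": "proj-9",
     "type": "ec2", "blob": "other_data"},
]

# Assumption: only these attributes are accepted as list filters.
FILTERABLE = frozenset({"user_id", "type"})


def list_permissive(records, query):
    """Silently drop unrecognized filters, which reproduces the report:
    a query on 'name' filters on nothing and returns every record."""
    known = {k: v for k, v in query.items() if k in FILTERABLE}
    return [r for r in records
            if all(r.get(k) == v for k, v in known.items())]


def list_strict(records, query):
    """Treat any unrecognized filter as matching nothing (the proposal)."""
    if any(k not in FILTERABLE for k in query):
        return []
    return [r for r in records
            if all(r.get(k) == v for k, v in query.items())]


def unknown_filters(query):
    """Filter names the caller sent that the API does not filter on,
    suitable for logging or for rejecting the request."""
    return sorted(set(query) - FILTERABLE)


if __name__ == "__main__":
    q = {"name": "2dba5076c6f14c2ea6bf691e7d0ba71534333333"}
    print(len(list_permissive(CREDENTIALS, q)))   # every record comes back
    print(len(list_strict(CREDENTIALS, q)))       # nothing comes back
    print(unknown_filters(q))
```

The same comparison applies when a supported filter is combined with an unsupported one: the permissive version narrows only by the supported filter, so a caller who mistypes a filter name receives more records than intended.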