yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #68749
[Bug 1686729] Re: Creating object storage container causes user to be logged out
Note that my swift environment is integrated with keystone.
In addition, I am not sure the url https://rgw.domain.com/swift/v1/paul/
you used is correct or not. In Swift case, the component (paul) just
after the version component (v1) is used to identify an account. This
field does not specify a container. horizon swift integration assumes
keystone as horizon itself depends on keystone, so the field is assumed
as 'account'. I am afraid your integration does not satisfy the horizon
assumption.
I believe this bug can be marked as Invalid.
** Changed in: horizon
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1686729
Title:
Creating object storage container causes user to be logged out
Status in OpenStack Dashboard (Horizon):
Invalid
Bug description:
Version = openstack-dashboard 3:11.0.1-0ubuntu1~cloud0
Ceph version = 10.2.7
When using ceph RGW swift interface for open stack and the open stack
dashboard version above to create a swift container the dashboard does
a number of curl requests to check if the bucket name already exists
to prevent the user from trying to create a bucket with the same name
as an existing bucket.
In most cases this works as expected, however if I try to create a
bucket that starts with the same name as an existing bucket that has
the ACL set to private I am unexpectedly logged out of the dashboard.
In my tests I have open stack user 'paul' and project 'paul that owns
a private swift bucket called 'paul'
I then as a second user 'sean' and project 'sean' try to create a
swift container called 'paul1' this will result in me getting logged
out of the dashboard, The below shows the log file for when I try and
create this bucket:
``
REQ: curl -i https://rgw.domain.com/swift/v1/p/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 400 Bad Request
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:01 GMT', u'Content-Length': u'17', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: InvalidBucketName
REQ: curl -i https://rgw.domain.com/swift/v1/pa/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 400 Bad Request
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:02 GMT', u'Content-Length': u'17', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: InvalidBucketName
REQ: curl -i https://rgw.domain.com/swift/v1/pau/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 404 Not Found
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:04 GMT', u'Content-Length': u'12', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: NoSuchBucket
REQ: curl -i https://rgw.domain.com/swift/v1/paul/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 401 Unauthorized
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:04 GMT', u'Content-Length': u'12', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: AccessDenied
Logging out user "sean
``
As you can see this works until the 401 is received by horizon from
the rgw when checking bucket 'paul' I believe this is because the
bucket ACL of Paul (created by user Paul) is set to ACL private as I
don't have the same issue when the ACL is set to public or when the
ACL is private and I try and create the bucket 'paul1' as the user
'paul'
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1686729/+subscriptions
References
