yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #96554
[Bug 2126676] [NEW] Response body schema should not be enabled by default
Public bug reported:
Recent versions of Keystone have introduced schemas for both requests
and responses. However, unlike services like Nova, Ironic and Manila,
response body schema validation in Keystone is always enabled. This
should not be the case. Repeating from the docs for the '[api]
response_validation' option in Manila [1]:
> ``error`` should not be used in a production environment. This is because
> schema validation happens *after* the response body has been generated, meaning
> any side effects will still happen and the call may be non-idempotent despite
> the user receiving a HTTP 500 error.
We should introduce an equivalent option in Keystone that like those
services defaults to 'warn', not 'error'. We can then change the default
in Tempest/DevStack.
[1]
https://review.opendev.org/c/openstack/manila/+/917153/6/manila/api/openstack/__init__.py#69
** Affects: keystone
Importance: Undecided
Status: In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2126676
Title:
Response body schema should not be enabled by default
Status in OpenStack Identity (keystone):
In Progress
Bug description:
Recent versions of Keystone have introduced schemas for both requests
and responses. However, unlike services like Nova, Ironic and Manila,
response body schema validation in Keystone is always enabled. This
should not be the case. Repeating from the docs for the '[api]
response_validation' option in Manila [1]:
> ``error`` should not be used in a production environment. This is because
> schema validation happens *after* the response body has been generated, meaning
> any side effects will still happen and the call may be non-idempotent despite
> the user receiving a HTTP 500 error.
We should introduce an equivalent option in Keystone that like those
services defaults to 'warn', not 'error'. We can then change the
default in Tempest/DevStack.
[1]
https://review.opendev.org/c/openstack/manila/+/917153/6/manila/api/openstack/__init__.py#69
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2126676/+subscriptions