[Openstack-security] [Bug 1118066] Re: Nova should confirm quota requests against Keystone
Thang Pham
thang.g.pham at gmail.com
Sat Jun 21 16:53:53 UTC 2014
There is a blueprint to validate tenant and user IDs that is pending:
https://blueprints.launchpad.net/nova/+spec/validate-tenant-user-with-
keystone. It should resolve this bug and well as many other identical
bugs.
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1118066
Title:
Nova should confirm quota requests against Keystone
Status in OpenStack Compute (Nova):
Confirmed
Bug description:
os-quota-sets API should check requests for /v2/:tenant/os-quota-sets/
against Keystone to ensure that :tenant does exist.
POST requests to a non-existant tenant should fail with a 400 error
code.
GET requests to a non-existant tenant may fail with a 400 error code.
Current behavior is to return 200 with the default quotas. A slightly
incompatible change would be to return a 302 redirect to /v2/:tenant
/os-quota-sets/defaults in this case.
Edit (2014-01-22)
Original Description
--------------------
GET /v2/:tenant/os-quota-sets/:this_tenant_does_not_exist
returns 200 with the default quotas.
Moreover
POST /v2/:tenant/os-quota-sets/:this_tenant_does_not_exist
with updated quotas succeeds and that metadata is saved!
I'm not sure if this is a bug or not. I cannot find any documentation
on this interface.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1118066/+subscriptions
More information about the Openstack-security
mailing list