[Yahoo-eng-team] [Bug 1294356] Re: improper validation allows for 500 during create role
This is now fixed by json shema, for the invalid data it now returns 400 error Here is the test result: curl -g -i -X POST http://10.0.2.15:35357/v2.0/OS-KSADM/roles -H "User-Agent: python-keystoneclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: " -d '{"role": {"role": "name"}}' HTTP/1.1 400 Bad Request Vary: X-Auth-Token Content-Type: application/json Content-Length: 105 Date: Sun, 15 Feb 2015 05:12:50 GMT {"error": {"message": "Name field is required and cannot be empty", "code": 400, "title": "Bad Request"}} ** Changed in: keystone Status: Triaged => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1294356 Title: improper validation allows for 500 during create role Status in OpenStack Identity (Keystone): Invalid Bug description: Improper validation allows for requests to cause 500s. POST /v2.0/OS-KSADM/roles HTTP/1.1 Host: 10.127.101.67:35357 Content-Length: 22 Content-Type: application/json Accept-Encoding: gzip, deflate, compress Accept: */* X-Auth-Token: User-Agent: python-requests/2.2.1 CPython/2.7.4 Linux/3.13.0-17-generic { "role": "name" } HTTP/1.1 500 Internal Server Error Vary: X-Auth-Token Content-Type: application/json Content-Length: 189 Date: Tue, 18 Mar 2014 19:36:05 GMT {"error": {"message": "An unexpected error prevented the server from fulfilling your request. 'unicode' object has no attribute 'iteritems'", "code": 500, "title": "Internal Server Error"}} To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1294356/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1422049] [NEW] Security group checking action permissions raise error
Public bug reported: When using nova-network, I got the output on horizon: [Sun Feb 15 02:48:41.965163 2015] [:error] [pid 21259:tid 140656137611008] Error while checking action permissions. [Sun Feb 15 02:48:41.965184 2015] [:error] [pid 21259:tid 140656137611008] Traceback (most recent call last): [Sun Feb 15 02:48:41.965193 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/tables/base.py", line 1260, in _filter_action [Sun Feb 15 02:48:41.965199 2015] [:error] [pid 21259:tid 140656137611008] return action._allowed(request, datum) and row_matched [Sun Feb 15 02:48:41.965205 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/tables/actions.py", line 137, in _allowed [Sun Feb 15 02:48:41.965211 2015] [:error] [pid 21259:tid 140656137611008] return self.allowed(request, datum) [Sun Feb 15 02:48:41.965440 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/project/access_and_security/security_groups/tables.py", line 83, in allowed [Sun Feb 15 02:48:41.965457 2015] [:error] [pid 21259:tid 140656137611008] if usages['security_groups']['available'] <= 0: [Sun Feb 15 02:48:41.965466 2015] [:error] [pid 21259:tid 140656137611008] KeyError: 'available' [Sun Feb 15 02:48:41.986480 2015] [:error] [pid 21259:tid 140656137611008] Error while checking action permissions. [Sun Feb 15 02:48:41.986533 2015] [:error] [pid 21259:tid 140656137611008] Traceback (most recent call last): [Sun Feb 15 02:48:41.986569 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/tables/base.py", line 1260, in _filter_action [Sun Feb 15 02:48:41.986765 2015] [:error] [pid 21259:tid 140656137611008] return action._allowed(request, datum) and row_matched [Sun Feb 15 02:48:41.986806 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/tables/actions.py", line 137, in _allowed [Sun Feb 15 02:48:41.986841 2015] [:error] [pid 21259:tid 140656137611008] return self.allowed(request, datum) [Sun Feb 15 02:48:41.987010 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/project/access_and_security/security_groups/tables.py", line 83, in allowed [Sun Feb 15 02:48:41.987051 2015] [:error] [pid 21259:tid 140656137611008] if usages['security_groups']['available'] <= 0: [Sun Feb 15 02:48:41.987088 2015] [:error] [pid 21259:tid 140656137611008] KeyError: 'available' ** Affects: horizon Importance: Undecided Assignee: qiaojian (qiaojian) Status: New ** Changed in: horizon Assignee: (unassigned) => qiaojian (qiaojian) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1422049 Title: Security group checking action permissions raise error Status in OpenStack Dashboard (Horizon): New Bug description: When using nova-network, I got the output on horizon: [Sun Feb 15 02:48:41.965163 2015] [:error] [pid 21259:tid 140656137611008] Error while checking action permissions. [Sun Feb 15 02:48:41.965184 2015] [:error] [pid 21259:tid 140656137611008] Traceback (most recent call last): [Sun Feb 15 02:48:41.965193 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/tables/base.py", line 1260, in _filter_action [Sun Feb 15 02:48:41.965199 2015] [:error] [pid 21259:tid 140656137611008] return action._allowed(request, datum) and row_matched [Sun Feb 15 02:48:41.965205 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/tables/actions.py", line 137, in _allowed [Sun Feb 15 02:48:41.965211 2015] [:error] [pid 21259:tid 140656137611008] return self.allowed(request, datum) [Sun Feb 15 02:48:41.965440 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/project/access_and_security/security_groups/tables.py", line 83, in allowed [Sun Feb 15 02:48:41.965457 2015] [:error] [pid 21259:tid 140656137611008] if usages['security_groups']['available'] <= 0: [Sun Feb 15 02:48:41.965466 2015] [:error] [pid 21259:tid 140656137611008] KeyError: 'available' [Sun Feb 15 02:48:41.986480 2015] [:error] [pid 21259:tid 140656137611008] Error while checking action permissions. [Sun Feb 15 02:48:41.986533 2015] [:error] [pid 21259:tid 140656137611008] Traceback (most recent call last): [Sun Feb 15 02:48:41.986569 2015] [:error] [pid 21259:tid 140656137611008] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon
[Yahoo-eng-team] [Bug 1388698] Re: dhcp_agents_per_network does not work appropriately.
This bug is fixed by [1] https://review.openstack.org/#/c/131150/ ** Changed in: neutron Status: In Progress => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1388698 Title: dhcp_agents_per_network does not work appropriately. Status in OpenStack Neutron (virtual network service): Invalid Bug description: Hi, I want to ask about dhcp_agents_per_network option in neutron.conf. That's instruction is in neutron.conf - # Number of DHCP agents scheduled to host a network. This enables redundant # DHCP agents for configured networks. # dhcp_agents_per_network = 1 dhcp_agents_per_network = 1 - I hit situation that network is hosted by multiple dhcp-agents evenif dhcp_agents_per_network = 1. I think dhcp_agents_per_network does not work appropriately. The procedure are as follows. Conditions: A) multiple network nodes. B) dhcp-agents are alives in each network nodes. C) one network is hosted by one dhcp-agent. ex: network node1: dhcp-agent1 hosts network1 and network2. network node2: dhcp-agent2 hosts no network. procedures: 1) stop dhcp-agent1 and dhcp-agent2. 2) start dhcp-agent2. result: network node1: dhcp-agent1 hosts network1 and network2. network node2: dhcp-agent2 hosts network1 and network2. dnsmasq hosting network1 boots on network node1 and 2. also, dnsmasq hosting network2 boots on network node1 and 2. dhcp_agents_per_network option means "active_dhcp_agents_per_network" or "dhcp_agents_per_network"? To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1388698/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1422048] [NEW] host_state.limits don't automatically update in filters
Public bug reported: host_state.limits don't update in the resources refresh process and only update using the filters. The implementation will encounter a problem in the following scene: When creating a vm by specifying a host and the host has insufficient resouces, the user can scale resources by hand, such as the disk is insufficient. The resources scaled by hand can be able to refresh db, but the host_state.limits are not refreshed. At this time, if we creating a vm by specifying a host, it can't create a vm successfully because of the host_state.limits ** Affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1422048 Title: host_state.limits don't automatically update in filters Status in OpenStack Compute (Nova): New Bug description: host_state.limits don't update in the resources refresh process and only update using the filters. The implementation will encounter a problem in the following scene: When creating a vm by specifying a host and the host has insufficient resouces, the user can scale resources by hand, such as the disk is insufficient. The resources scaled by hand can be able to refresh db, but the host_state.limits are not refreshed. At this time, if we creating a vm by specifying a host, it can't create a vm successfully because of the host_state.limits To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1422048/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1421999] [NEW] Create & Edit Project is Broken
Public bug reported: Goto Identity -> Projects and the click on "create Project". It gives an error "An Error occured. Please try again later.". This is happening because code is not able to find the "_member_" user in the keystone. [Sat Feb 14 18:18:54.223434 2015] [:error] [pid 8690:tid 140651877480192] File "/usr/local/lib/python2.7/dist-packages/django/template/debug.py", line 78, in render_node [Sat Feb 14 18:18:54.223572 2015] [:error] [pid 8690:tid 140651877480192] return node.render(context) [Sat Feb 14 18:18:54.223697 2015] [:error] [pid 8690:tid 140651877480192] File "/usr/local/lib/python2.7/dist-packages/django/template/defaulttags.py", line 196, in render [Sat Feb 14 18:18:54.223837 2015] [:error] [pid 8690:tid 140651877480192] nodelist.append(node.render(context)) [Sat Feb 14 18:18:54.224005 2015] [:error] [pid 8690:tid 140651877480192] File "/usr/local/lib/python2.7/dist-packages/django/template/defaulttags.py", line 298, in render [Sat Feb 14 18:18:54.224158 2015] [:error] [pid 8690:tid 140651877480192] match = condition.eval(context) [Sat Feb 14 18:18:54.224330 2015] [:error] [pid 8690:tid 140651877480192] File "/usr/local/lib/python2.7/dist-packages/django/template/defaulttags.py", line 867, in eval [Sat Feb 14 18:18:54.224517 2015] [:error] [pid 8690:tid 140651877480192] return self.value.resolve(context, ignore_failures=True) [Sat Feb 14 18:18:54.225774 2015] [:error] [pid 8690:tid 140651877480192] File "/usr/local/lib/python2.7/dist-packages/django/template/base.py", line 585, in resolve [Sat Feb 14 18:18:54.226659 2015] [:error] [pid 8690:tid 140651877480192] obj = self.var.resolve(context) [Sat Feb 14 18:18:54.226931 2015] [:error] [pid 8690:tid 140651877480192] File "/usr/local/lib/python2.7/dist-packages/django/template/base.py", line 735, in resolve [Sat Feb 14 18:18:54.227073 2015] [:error] [pid 8690:tid 140651877480192] value = self._resolve_lookup(context) [Sat Feb 14 18:18:54.227153 2015] [:error] [pid 8690:tid 140651877480192] File "/usr/local/lib/python2.7/dist-packages/django/template/base.py", line 789, in _resolve_lookup [Sat Feb 14 18:18:54.227271 2015] [:error] [pid 8690:tid 140651877480192] current = current() [Sat Feb 14 18:18:54.227349 2015] [:error] [pid 8690:tid 140651877480192] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/workflows/base.py", line 439, in has_required_fields [Sat Feb 14 18:18:54.227433 2015] [:error] [pid 8690:tid 140651877480192] return any(field.required for field in self.action.fields.values()) [Sat Feb 14 18:18:54.227516 2015] [:error] [pid 8690:tid 140651877480192] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/workflows/base.py", line 368, in action [Sat Feb 14 18:18:54.227599 2015] [:error] [pid 8690:tid 140651877480192] context) [Sat Feb 14 18:18:54.227673 2015] [:error] [pid 8690:tid 140651877480192] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/identity/projects/workflows.py", line 204, in __init__ [Sat Feb 14 18:18:54.227758 2015] [:error] [pid 8690:tid 140651877480192] redirect=reverse(INDEX_URL)) [Sat Feb 14 18:18:54.227848 2015] [:error] [pid 8690:tid 140651877480192] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../horizon/exceptions.py", line 364, in handle [Sat Feb 14 18:18:54.227978 2015] [:error] [pid 8690:tid 140651877480192] six.reraise(exc_type, exc_value, exc_traceback) [Sat Feb 14 18:18:54.228069 2015] [:error] [pid 8690:tid 140651877480192] File "/opt/stack/horizon/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/identity/projects/workflows.py", line 200, in __init__ [Sat Feb 14 18:18:54.228155 2015] [:error] [pid 8690:tid 140651877480192] raise exceptions.NotFound(msg) [Sat Feb 14 18:18:54.228230 2015] [:error] [pid 8690:tid 140651877480192] NotFound: Could not find default role "_member_" in Keystone And when i queried Keystone api for the role-list, the _member_ was missing. stack@ubuntu:~/devstack$ keystone role-list +--+-+ |id| name | +--+-+ | beb167e318c24a91a03b35ceb727691b | Member | | 0e89a82771144ac4997dfd5a3348bbb6 | ResellerAdmin | | 8b4e346d05164038a17b750c6ea8e5ed | admin | | 2f096118163e4914bb91fd63283accd5 | anotherrole | | 20126fa129714525b759b82c0ee1b558 | heat_stack_user | | 19b00836ac9d441b811baaafa06b49be | service | +--+-+ ** Affects: horizon Importance: Undecided Assignee: Nikunj Aggarwal (nikunj2512) Status: New ** Changed in: horizon Assignee: (unassigned) => Nikunj Aggarwal (nikunj2512) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.
[Yahoo-eng-team] [Bug 1421971] [NEW] get_endpoint_group_in_project missing from sample policy files
Public bug reported: We've got an mapping for "get_endpoint_group_in_project", which maps to GET /v3/OS-EP- FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}, but it's not a target in the sample policy files. All the operations should be in the sample policy file so admins know what's available. ** Affects: keystone Importance: Undecided Assignee: Brant Knudson (blk-u) Status: New ** Changed in: keystone Assignee: (unassigned) => Brant Knudson (blk-u) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1421971 Title: get_endpoint_group_in_project missing from sample policy files Status in OpenStack Identity (Keystone): New Bug description: We've got an mapping for "get_endpoint_group_in_project", which maps to GET /v3/OS-EP- FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}, but it's not a target in the sample policy files. All the operations should be in the sample policy file so admins know what's available. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1421971/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1421966] [NEW] Getting role for trust is double-protected
Public bug reported: The function for getting or checking a role for trust (GET/HEAD /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}) winds up being protected first by `get_role_for_trust` and then by `check_role_for_trust`. This is because get_role_for_trust winds up calling self.check_role_for_trust()[1]. There's actually no external route for "check_role_for_trust", so this policy target should be removed. [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/trust/controllers.py#n272 ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1421966 Title: Getting role for trust is double-protected Status in OpenStack Identity (Keystone): New Bug description: The function for getting or checking a role for trust (GET/HEAD /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}) winds up being protected first by `get_role_for_trust` and then by `check_role_for_trust`. This is because get_role_for_trust winds up calling self.check_role_for_trust()[1]. There's actually no external route for "check_role_for_trust", so this policy target should be removed. [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/trust/controllers.py#n272 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1421966/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1421968] [NEW] List Endpoint Groups Associated with project not routed
Public bug reported: I was looking through the sample policy.json file and noticed that the "identity:list_endpoint_groups_for_project" target doesn't have a corresponding mapping in the routers[1]. Looks like there's supposed to be a router mapping /v3/OS-EP-FILTER/endpoint_groups/projects/{project_id}[2] to list_endpoint_groups_for_project. Since there's no mapping for the path, the keystone server is just going to 404. [1] This would be in http://git.openstack.org/cgit/openstack/keystone/tree/keystone/contrib/endpoint_filter/routers.py [2] http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-ep-filter-ext.html#list-endpoint-groups-associated-with-project ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1421968 Title: List Endpoint Groups Associated with project not routed Status in OpenStack Identity (Keystone): New Bug description: I was looking through the sample policy.json file and noticed that the "identity:list_endpoint_groups_for_project" target doesn't have a corresponding mapping in the routers[1]. Looks like there's supposed to be a router mapping /v3/OS-EP-FILTER/endpoint_groups/projects/{project_id}[2] to list_endpoint_groups_for_project. Since there's no mapping for the path, the keystone server is just going to 404. [1] This would be in http://git.openstack.org/cgit/openstack/keystone/tree/keystone/contrib/endpoint_filter/routers.py [2] http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-api-v3-os-ep-filter-ext.html#list-endpoint-groups-associated-with-project To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1421968/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp