Public bug reported:

Version = openstack-dashboard 3:11.0.1-0ubuntu1~cloud0
Ceph version = 10.2.7

When using the Ceph RGW Swift interface for OpenStack and the OpenStack
dashboard version above to create a Swift container, the dashboard does a
number of curl requests to check if the bucket name already exists, to
prevent the user from trying to create a bucket with the same name as an
existing bucket.

In most cases this works as expected; however, if I try to create a
bucket that starts with the same name as an existing bucket that has the
ACL set to private, I am unexpectedly logged out of the dashboard.

In my tests I have OpenStack user 'paul' and project 'paul' that owns a
private Swift bucket called 'paul'.

I then, as a second user 'sean' and project 'sean', try to create a Swift
container called 'paul1'. This results in me getting logged out of
the dashboard. The log file below shows what happens when I try to create
this bucket:

``
REQ: curl -i https://rgw.domain.com/swift/v1/p/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 400 Bad Request
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:01 GMT', u'Content-Length': u'17', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: InvalidBucketName
REQ: curl -i https://rgw.domain.com/swift/v1/pa/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 400 Bad Request
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:02 GMT', u'Content-Length': u'17', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: InvalidBucketName
REQ: curl -i https://rgw.domain.com/swift/v1/pau/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 404 Not Found
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:04 GMT', u'Content-Length': u'12', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: NoSuchBucket
REQ: curl -i https://rgw.domain.com/swift/v1/paul/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 401 Unauthorized
RESP HEADERS: {u'Date': u'Thu, 27 Apr 2017 13:22:04 GMT', u'Content-Length': u'12', u'Content-Type': u'text/plain; charset=utf-8', u'Accept-Ranges': u'bytes', u'X-Trans-Id': u'{hidden}'}
RESP BODY: AccessDenied
Logging out user "sean
``

As you can see, this works until the 401 is received by Horizon from the
RGW when checking bucket 'paul'. I believe this is because the bucket ACL
of Paul (created by user Paul) is set to ACL private, as I don't have the
same issue when the ACL is set to public or when the ACL is private and
I try to create the bucket 'paul1' as the user 'paul'.

** Affects: horizon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1686729

Title:
  Creating object storage container causes user to be logged out

Status in OpenStack Dashboard (Horizon):
  New
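
A log-triage sketch for the trace in this report, added here as an example (not Horizon or Ceph code): it pairs each container probe with its response and reports logouts that directly follow a 401 probe after earlier probes in the same run were answered with another status. The function names, the heuristic and the condensed sample log (response headers omitted) are constructed for illustration.

```python
import re
from urllib.parse import urlparse
# Constructed sample: the four probes from the report, response headers omitted.
SAMPLE_LOG = """\
REQ: curl -i https://rgw.domain.com/swift/v1/p/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 400 Bad Request
RESP BODY: InvalidBucketName
REQ: curl -i https://rgw.domain.com/swift/v1/pa/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 400 Bad Request
RESP BODY: InvalidBucketName
REQ: curl -i https://rgw.domain.com/swift/v1/pau/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 404 Not Found
RESP BODY: NoSuchBucket
REQ: curl -i https://rgw.domain.com/swift/v1/paul/ -X GET -H "X-Auth-Token: {hidden}"
RESP STATUS: 401 Unauthorized
RESP BODY: AccessDenied
Logging out user "sean
"""

EVENT = re.compile(
    r'^[ \t]*(?:REQ: curl -i (?P<url>\S+)'
    r'|RESP STATUS: (?P<status>\d{3})'
    r'|RESP BODY: (?P<body>.*)'
    r'|Logging out user "?(?P<user>[^"\s]+))',
    re.MULTILINE)

def parse_probes(log):
    """Pair each container probe with its response; note where logouts occur."""
    probes, logouts = [], []
    for m in EVENT.finditer(log):
        if m.group("url"):
            name = urlparse(m.group("url")).path.rstrip("/").rsplit("/", 1)[-1]
            probes.append({"container": name, "status": None, "body": None})
        elif m.group("status") and probes:
            probes[-1]["status"] = int(m.group("status"))
        elif m.group("body") is not None and probes:
            probes[-1]["body"] = m.group("body").strip()
        elif m.group("user"):
            logouts.append((m.group("user"), len(probes) - 1))
    return probes, logouts

def logouts_after_401_probe(log):
    """Logouts directly after a 401 probe when an earlier probe got a non-401 answer."""
    # Heuristic assumed by this example, not a rule taken from Horizon.
    probes, logouts = parse_probes(log)
    return [(user, probes[i]["container"], probes[i]["body"])
            for user, i in logouts
            if i >= 0 and probes[i]["status"] == 401
            and any(p["status"] not in (None, 401) for p in probes[:i])]
```
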
