[Yahoo-eng-team] [Bug 2047135] [NEW] Race condition at container create form
Public bug reported:

The issue manifests when a user pastes a container name and immediately clicks the confirm button on the container create form. When it occurs, the created container is named "undefined" instead of the name provided in the form. The timeframe for such behavior is very strict, so it affects mostly tests. A user can hit the issue in case of a very slow connection to Horizon.

The most probable cause of the issue is the $asyncvalidator feature of the form. It makes some requests to the Swift API to check if such a container exists, and is triggered by any input to the name field. A form submitted before all validation requests are resolved is invalid. The $pending AngularJS feature should handle it, but it seems to be unsupported in schema-form.

** Affects: horizon
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/2047135

Title:
  Race condition at container create form

Status in OpenStack Dashboard (Horizon):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/2047135/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 2037002] [NEW] Reader can update object tag
Public bug reported:

Update of Neutron object tags ignores policies for this object update. So, a reader user can update tags for all objects of his project.

Reproduced on Devstack - Yoga. Newer releases up to master have no changes here, so they should also be affected.

Steps to reproduce:

All operations are in the default alt_demo project, which has all needed users provisioned by default.

1. Create a network object, i.e. floating ip, using alt_demo user - as project admin
2. Re-login as alt_demo_reader and try to update tags for this floating

Tags are updated successfully, but the reader user has no rights for floating update - "update_floatingip" policy enabled for at least member

** Affects: neutron
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2037002

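The authorization gap described in this report, modelled as an added example (not Neutron's code and not part of the original message): a tag update handler that checks only project scope, beside one that enforces the parent object's update rule. The role ranking, rule table and function names are hypothetical; only the "update_floatingip" rule, the reader and member roles and the alt_demo users come from the report.

```python
from dataclasses import dataclass

# Hypothetical role ranking and rule table. Only the "update_floatingip"
# rule (member or higher) is taken from the report.
ROLE_RANK = {"reader": 0, "member": 1, "admin": 2}
POLICY = {"get_floatingip": "reader", "update_floatingip": "member"}


class Forbidden(Exception):
    """Raised when a request fails project scoping or a policy rule."""


@dataclass(frozen=True)
class Context:
    user: str
    project_id: str
    role: str


def enforce(ctx, rule, resource):
    """Deny unless ctx owns the resource and holds the role the rule needs."""
    required = POLICY.get(rule)
    if required is None:
        # A sub-resource of an object type with no rule is denied, not allowed.
        raise Forbidden(f"unknown rule {rule!r}: denied by default")
    if resource["project_id"] != ctx.project_id:
        raise Forbidden(f"{ctx.user} is not in project {resource['project_id']}")
    if ROLE_RANK.get(ctx.role, -1) < ROLE_RANK[required]:
        raise Forbidden(f"{rule} requires {required!r}, got {ctx.role!r}")


def update_tags_scope_only(ctx, resource_type, resource, tags):
    """Model of the reported behaviour: project scope is the only check."""
    if resource["project_id"] != ctx.project_id:
        raise Forbidden(f"{ctx.user} is not in project {resource['project_id']}")
    resource["tags"] = sorted(set(tags))
    return resource["tags"]


def update_tags_enforced(ctx, resource_type, resource, tags):
    """Tags are part of the parent object, so require its update rule."""
    enforce(ctx, f"update_{resource_type}", resource)
    resource["tags"] = sorted(set(tags))
    return resource["tags"]


def run_scenario():
    """Replay the report's two steps against both handlers."""
    admin = Context("alt_demo", "alt_demo", "admin")
    reader = Context("alt_demo_reader", "alt_demo", "reader")
    outcome = {}
    for name, handler in (("scope_only", update_tags_scope_only),
                          ("enforced", update_tags_enforced)):
        # Constructed floating IP record owned by the alt_demo project.
        fip = {"id": "fip-constructed-1", "project_id": "alt_demo", "tags": []}
        handler(admin, "floatingip", fip, ["created-by-admin"])
        try:
            handler(reader, "floatingip", fip, ["changed-by-reader"])
            outcome[name] = ("allowed", fip["tags"])
        except Forbidden:
            outcome[name] = ("denied", fip["tags"])
    return outcome


if __name__ == "__main__":
    for name, (verdict, tags) in run_scenario().items():
        print(f"{name}: reader update {verdict}, tags now {tags}")
```
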
[Yahoo-eng-team] [Bug 2008132] [NEW] Unable to associate FIP with Tungstenfabric Neutron backend
Public bug reported:

Reproduced the issue on an environment with the TF Neutron backend and the 'enable_fip_topology_check' config option enabled. The OVN backend is not affected in any case; the combination of any Neutron backend and disabled 'enable_fip_topology_check' is also not affected.

It is possible to remove all FIPs from a port via CLI in the TF environment. With the topology check enabled, it leads to an error during FIP associate and disassociate operations. Sample of traceback:

2023-01-12 11:23:41.841408   File "/var/lib/openstack/lib/python3.8/site-packages/openstack_dashboard/dashboards/project/instances/forms.py", line 436, in __init__
2023-01-12 11:23:41.841412     targets = api.neutron.floating_ip_target_list_by_instance(
2023-01-12 11:23:41.841415   File "/var/lib/openstack/lib/python3.8/site-packages/openstack_dashboard/api/neutron.py", line 1631, in floating_ip_target_list_by_instance
2023-01-12 11:23:41.841419     return FloatingIpManager(request).list_targets_by_instance(
2023-01-12 11:23:41.841425   File "/var/lib/openstack/lib/python3.8/site-packages/openstack_dashboard/api/neutron.py", line 757, in list_targets_by_instance
2023-01-12 11:23:41.841429     reachable_subnets = self._get_reachable_subnets(
2023-01-12 11:23:41.841433   File "/var/lib/openstack/lib/python3.8/site-packages/openstack_dashboard/api/neutron.py", line 690, in _get_reachable_subnets
2023-01-12 11:23:41.841436     reachable_subnets = set(p.fixed_ips[0]['subnet_id']
2023-01-12 11:23:41.841440   File "/var/lib/openstack/lib/python3.8/site-packages/openstack_dashboard/api/neutron.py", line 690, in
2023-01-12 11:23:41.841444     reachable_subnets = set(p.fixed_ips[0]['subnet_id']
2023-01-12 11:23:41.841446 IndexError: list index out of range

It leads to an "Error occured" popup alert on the dashboard and a reload of the Instances page. It would be great to catch this error and provide the user with a more reasonable message.

** Affects: horizon
     Importance: Undecided
         Status: In Progress

https://bugs.launchpad.net/bugs/2008132

[Yahoo-eng-team] [Bug 1927261] Re: Support for Angular 1.8.x in Horizon
Fixed by https://review.opendev.org/c/openstack/horizon/+/843346

** Changed in: horizon
       Status: New => Fix Released

https://bugs.launchpad.net/bugs/1927261

Title:
  Support for Angular 1.8.x in Horizon

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  Some of the horizon angular panels (keypair and glance) are broken in Debian Bullseye distribution. As of now, we use angular 1.5.8.0 in the horizon [1], [2], [3].

  We can try to update angularjs to 1.8.2 maybe that fixes the issue.

  [1] https://github.com/openstack/horizon/blob/master/requirements.txt#L44
  [2] https://pypi.org/project/XStatic-Angular/
  [3] https://opendev.org/openstack/requirements/src/branch/master/openstack_requirements/tests/files/upper-constraints.txt#L73

  Related thread: http://lists.openstack.org/pipermail/openstack-discuss/2021-May/022243.html

[Yahoo-eng-team] [Bug 1961595] [NEW] Argument validation for various API endpoints
Public bug reported:

Currently, not all request handlers validate arguments passed from the client. It leads to a 500 response in case of malformed requests.

Affected endpoints:

1. http:///api/glance/metadefs/namespaces/?=
   resource_type is a required argument here
2. https:///auth/switch//?next=somemalformedredirect
   The redirect is not validated; in case of a non-existing url it raises NoReverseMatch or 500 depending on dashboard config

** Affects: horizon
     Importance: Undecided
         Status: In Progress

https://bugs.launchpad.net/bugs/1961595

[Yahoo-eng-team] [Bug 1952112] [NEW] Template topology page doesn't handle session expiration
Public bug reported:

Reproduced on master, but any release since about Pike seems to be affected.

Steps to reproduce:

1. Deploy any OpenStack environment with Heat and heat-dashboard components enabled. Devstack should be enough
2. Create any stack. "Most basic template" from https://docs.openstack.org/heat/victoria/template_guide/hot_guide.html should work well after passing a valid image name
3. Go to Project->Orchestration->Stacks->created stack->Topology tab
4. Wait until session timeout (1 hour by default) or mangle the sessionid cookie value in the browser to make it invalid

Actual behavior: Visually nothing changed, but repeating requests to /project/stacks/get_d3_data/ return 401. Server-side logs are also affected.

Expected behavior: Some form of logout or notification about the expired user session

** Affects: horizon
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1952112

[Yahoo-eng-team] [Bug 1943618] [NEW] Unable to handle Swift containers in Horizon due to cookies settings
Public bug reported:

Reproduced on several versions since at least Pike to Victoria.

Special config needed:

$ grep -i "cookie" local_settings.py
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
SESSION_COOKIE_HTTPONLY = True

The critical option for reproducing is CSRF_COOKIE_HTTPONLY; turning it off suppresses the issue.

Reproduce:

In Horizon Dashboard: Project -> Object store -> Containers -> "Create container" fails with the following error: "Error: Unable to create container"

The following messages are captured in the horizon log:

django.request Not Found: /horizon/api/swift/containers/test/metadata/
django.security.csrf Forbidden (CSRF token missing or incorrect.): /horizon/api/swift/containers/test/metadata/

Also, deleting an existing container fails with a similar error

** Affects: horizon
     Importance: Undecided
         Status: In Progress

https://bugs.launchpad.net/bugs/1943618

[Yahoo-eng-team] [Bug 1932341] [NEW] Image name not shown in Admin - Instances page
Public bug reported:

Admin-Compute-Instances dashboard shows "-" as image name for every instance. However, the Project-Compute-Instances dashboard displays the image name correctly. The Admin dashboard just lacks code to resolve the image name

** Affects: horizon
     Importance: Undecided
         Status: New

** Attachment added: "screenshot-192.168.122.178-2021.06.17-18_55_06.png"
   https://bugs.launchpad.net/bugs/1932341/+attachment/5505300/+files/screenshot-192.168.122.178-2021.06.17-18_55_06.png

https://bugs.launchpad.net/bugs/1932341

[Yahoo-eng-team] [Bug 1930420] [NEW] Horizon should autofill Source tab for instance when launching it from volume
Public bug reported:

Reproduced on recent devstack master.

Steps to reproduce:

1. Create a bootable volume from cirros image. 1 Gb is enough
2. Select created volume and choose "Launch as Instance"
3. Define instance name, allocate flavor and network in corresponding tabs
4. Launch instance

Horizon should autofill Source tab for instance correctly when launching it from volume. By default “image” option is selected, leading to error:

Block Device Mapping is Invalid: Missing device UUID. (HTTP 400) (Request-ID: req-some-uuid)

Expected Result: Instance created successfully

Actual Result: Instance creation fails with following error:

Block Device Mapping is Invalid: Missing device UUID. (HTTP 400) (Request-ID: req-some-uuid)

** Affects: horizon
     Importance: Undecided
         Status: In Progress

https://bugs.launchpad.net/bugs/1930420

[Yahoo-eng-team] [Bug 1929805] [NEW] Can't remove records in 'Create Record Set' form in DNS dashboard
Public bug reported:

Reproduced on devstack with master, but it seems that any setup with Designate since Mitaka is affected.

Steps to reproduce:

1. Go to Project/DNS/Zones page
2. Create a Zone
3. Click on ‘Create Record Set’ button at the right of the Zone record
4. Try to fill several ‘Record’ fields in the ‘Records’ section of the form, then to delete data in the field with 'x' button

Expected behavior: Record deleted

Actual behavior: 'x' button is inactive

It is a bug in the CSS used in the array widget in Horizon, but currently this array widget is used only in designate-dashboard

** Affects: horizon
     Importance: Undecided
         Status: New

** Attachment added: "screenshot-localhost_8000-2021.05.27-12_42_41.png"
   https://bugs.launchpad.net/bugs/1929805/+attachment/5500662/+files/screenshot-localhost_8000-2021.05.27-12_42_41.png

https://bugs.launchpad.net/bugs/1929805

[Yahoo-eng-team] [Bug 1830886] [NEW] Taiwanese locale not working
Public bug reported:

Language selector allows switching to zh-tw, but zh-cn is displayed instead.

Django 1.11 finally removed support of legacy Chinese locale naming. So, any zh-* locale silently falls back to zh-Hans, which is the equivalent of zh-cn.

Related discussion: https://bugs.launchpad.net/horizon/+bug/1818639

** Affects: horizon
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1830886

[Yahoo-eng-team] [Bug 1830759] [NEW] Can't create volume using a volume as a source
Public bug reported:

Steps to reproduce:

1. Create volume of non-default type named Vol1
2. Create volume named Vol2 using Vol1 as source Volume

Expected result: Volume is created

Actual result: Volume isn't created. Error "Error: Unable to create volume."

CLI allows this operation

** Affects: horizon
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1830759

[Yahoo-eng-team] [Bug 1825961] [NEW] Horizon displays an error message on an empty instances list page
Public bug reported:

The following error is observed in the Horizon log:

Unable to connect to Neutron: 'frozenset' object has no attribute '_getitem_'

The error happens on the network_list requests when the parameter list is too long.

** Affects: horizon
     Importance: Undecided
     Assignee: Vadym Markov (vmarkov)
         Status: In Progress

https://bugs.launchpad.net/bugs/1825961

[Yahoo-eng-team] [Bug 1819423] [NEW] Horizon does not support CSRF_COOKIE_HTTPONLY option
Public bug reported:

Steps to reproduce:

Deploy OpenStack, Devstack Pike is enough

Add the following option into /etc/openstack-dashboard/local_settings.py :

CSRF_COOKIE_HTTPONLY = True

Restart Apache

Expected result: Horizon works

Actual result: Several issues appear in Horizon. Request to /api/policy returns 403, and a "Policy check failed" warning is displayed. At least the "Launch instance" and "Create image" dashboards are affected

** Affects: horizon
     Importance: Undecided
         Status: New

** Attachment added: "Screen Shot 2018-11-09 at 12.52.45 PM.png"
   https://bugs.launchpad.net/bugs/1819423/+attachment/5245358/+files/Screen%20Shot%202018-11-09%20at%2012.52.45%20PM.png

https://bugs.launchpad.net/bugs/1819423

[Yahoo-eng-team] [Bug 1818213] [NEW] Horizon pop-up "Create image" does not have confirmation alert
Public bug reported:

Steps to reproduce:

1. Deploy environment;
2. Open Horizon dashboard;
3. Try to upload a huge image to glance via Horizon
4. Try to close pop-up "Create image"

Expected result: A confirmation alert appears

Actual result: Pop-up closed without any alerts

In any case, the user has the possibility to close the window without confirmation and lose all data in the input fields.

** Affects: horizon
     Importance: Undecided
     Assignee: Vadym Markov (vmarkov)
         Status: In Progress

https://bugs.launchpad.net/bugs/1818213

[Yahoo-eng-team] [Bug 1797592] [NEW] Progress bar doesn't displayed at image upload
Public bug reported:

The "Create image" modal window should render a progress bar during image upload, immediately after the "Create image" button is pressed. It disappears when the image is loaded.

Screenshot of expected behavior is attached

** Affects: horizon
     Importance: Undecided
         Status: New

** Attachment added: "horizon_image_create_progressbar.png"
   https://bugs.launchpad.net/bugs/1797592/+attachment/5200459/+files/horizon_image_create_progressbar.png

https://bugs.launchpad.net/bugs/1797592

[Yahoo-eng-team] [Bug 1794767] [NEW] Horizon exposes url in Swift error message
Public bug reported:

Horizon can be made to expose internal data structures from HTTP requests; this is a security hazard. See for example:

  GET /api/swift/containers/test01s/metadata/nonexistantFile.txt HTTP/1.1
  Host: example.com
  ...

Response:

  HTTP/1.1 404 Not Found
  Date: Tue, 11 Sep 2018 19:30:11 GMT
  Server: Apache/2.4.18 (Ubuntu)
  Content-Length: 98
  Vary: Accept-Language,Cookie
  X-Frame-Options: SAMEORIGIN
  Content-Language: en
  Content-Type: application/json

  "Object HEAD failed: http://123.456.789.012:8080/swift/v1/test01s/nonexistantFile.txt 404 Not Found"

Note: the Object Store endpoint is configured on the /project/api_access page as "http://example.com:8080/swift/v1", so exposing the internal URL is incorrect. It should return something like:

  "Object HEAD failed: http://example.com:8080/swift/v1/test01s/nonexistantFile.txt 404 Not Found"

or just hide the URL altogether.

To reproduce:
1. Log into Horizon with Firefox.
2. Open up Web Developer Tools.
3. Navigate to Project -> Object Store -> Containers.
4. Pick a GET from the Network tab in the developer tools that is for /api/swift/containers, copy it as cURL and append "test01s/metadata/nonexistantFile.txt" onto the end of the URL. Note that you need to do this quickly, otherwise the auth token will expire. If that happens, just refresh the page and edit the request quickly.
5. Observe the URL present in the response.

** Affects: horizon
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1794767

Title: Horizon exposes url in Swift error message
Status in OpenStack Dashboard (Horizon): New
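One way to apply the remedy the report asks for, as an added example that is not Horizon's code or part of the original report: rewrite a known internal endpoint to its public form and redact any other URL before the upstream error text is returned to the browser. The function names and the endpoint map are assumptions; the sample message is the one quoted in the report.

```python
import json
import logging
import re

LOG = logging.getLogger(__name__)

# Matches absolute http(s) URLs embedded in free-form error text.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
REDACTED = "[url removed]"


def _under(url, base):
    """True if url is base itself or lies below it on a path boundary."""
    base = base.rstrip("/")
    # The boundary check stops ".../v1" from also matching ".../v10".
    return url == base or url.startswith(base + "/")


def sanitize_upstream_error(message, endpoint_map=None):
    """Return message with backend URLs rewritten or redacted.

    endpoint_map (hypothetical setting) maps an internal base URL to the
    public base URL advertised to users. URLs already under a public base
    pass through, URLs under an internal base are rewritten, and every
    other URL is redacted so an unmapped backend address never leaves
    the server.
    """
    endpoint_map = endpoint_map or {}

    def _replace(match):
        url = match.group(0)
        for internal, public in endpoint_map.items():
            if _under(url, public):
                return url
            if _under(url, internal):
                return public.rstrip("/") + url[len(internal.rstrip("/")):]
        return REDACTED

    return URL_RE.sub(_replace, message)


def error_response_body(upstream_message, endpoint_map=None):
    """Build the JSON body for the client; the full text stays in the log."""
    LOG.warning("upstream object-store error: %s", upstream_message)
    return json.dumps(sanitize_upstream_error(upstream_message, endpoint_map))
```

Calling `sanitize_upstream_error` with no map gives the report's second option, where the URL is hidden entirely.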
[Yahoo-eng-team] [Bug 1774623] [NEW] Remove unnecessary disclaimer from the login page
Public bug reported:

Horizon has a WEBSSO_CHOICES config option which allows the user to select an auth mechanism to log in, like Keystone credentials or OpenID. The list of valid auth choices is also configurable. If this option is enabled, the user gets a list of auth variants and the disclaimer "If you are not sure which authentication method to use, contact your administrator". The disclaimer is shown even if the list has only one possible option, which is confusing.

Way to reproduce: Enable the WEBSSO_ENABLED and WEBSSO_CHOICES options in the Horizon config and make WEBSSO_CHOICES include exactly one element.

** Affects: horizon
   Importance: Undecided
   Status: New

** Attachment added: "Screenshot from 2018-06-01 14-05-24.png"
   https://bugs.launchpad.net/bugs/1774623/+attachment/5147349/+files/Screenshot%20from%202018-06-01%2014-05-24.png

https://bugs.launchpad.net/bugs/1774623

Title: Remove unnecessary disclaimer from the login page
Status in OpenStack Dashboard (Horizon): New