yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1206396] Re: Name validations for compute resources

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1206396@xxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Aug 2013 18:11:25 -0000
Reply-to: Bug 1206396 <1206396@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

UTR against keystone directly (sounds like a bug between horizon and
keystoneclient?). Attempting to create a role with a single space as the
name behaves as expected (the name is stored correctly in the sql
driver, not as a null value).

POST http://localhost:35357/v3/roles
{"role": {"name": " "}}

{
  "role": {
    "id": "9cf9fc40486947539a10400e638b9e65", 
    "links": {
      "self": "http://localhost:5000/v3/roles/9cf9fc40486947539a10400e638b9e65";
    }, 
    "name": " "
  }
}

GET http://localhost:35357/v3/roles

{
  "roles": [
    {
      "id": "9cf9fc40486947539a10400e638b9e65", 
      "links": {
        "self": "http://localhost:5000/v3/roles/9cf9fc40486947539a10400e638b9e65";
      }, 
      "name": " "
    }
  ], 
  "links": {
    "self": "http://localhost:5000/v3/roles";, 
    "next": null, 
    "previous": null
  }
}

** Changed in: keystone
       Status: New => Invalid

** Changed in: keystone
     Assignee: Rohan (kanaderohan) => (unassigned)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1206396

Title:
  Name validations for compute resources

Status in Cinder:
  Confirmed
Status in OpenStack Identity (Keystone):
  Invalid
Status in OpenStack Compute (Nova):
  Confirmed
Status in Oslo - a Library of Common OpenStack Code:
  New

Bug description:
  There is no consistent validation for the 'name' parameter across
  compute resources. The following characters need to be validated in
  the input:

  1. One more whitespaces (like ' ' or '    ') -
  2. Leading or trailing whitespaces (like '   test123 ')

  Currently flavor name, volume name, role name, group name, security
  group name and keypair name accept input in each of the two cases (no
  validation).

  Adding the two cases above to name parameter validation would be useful.
  It makes sense to move this validation code to a common utility that can be used across all Create resource methods.
  Although the 'name' is not as significant the resource's ID, it does act as a label for the resource and should be validated properly.

  For example, from the dasbhboard, a role with a blank name, i.e single
  whitespace string like ' ' can be created. This get's stored in the
  keystone db as NULL and appears in the dashboard roles drop down
  during Create User as None. This behavior should be fixed.

  Refer:
  https://github.com/openstack/nova/blob/master/nova/compute/api.py#L3086
  _validate_new_keypair() can be moved to a common utility to provide
  'name' field validations.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1206396/+subscriptions