← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1400366] Re: Glance allows to sort images by private fields

 

** Changed in: glance
       Status: Fix Committed => Fix Released

** Changed in: glance
    Milestone: None => kilo-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1400366

Title:
  Glance allows to sort images by private fields

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released

Bug description:
  Glance api supports sorting only by 'name', 'status', 'container_format',  'disk_format', 'size', 'id', 'created_at', 'updated_at'
  But now it's possible to make sorting by private fields like checksum or min_ram (/images?sort_key=checksum), that violates api.

  It's possible because there is no key validation on the api layer in v2. 
  There is a check on the db in pagination, but it covers all the fields (not only api), which causes a problem.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1400366/+subscriptions


References