
yahoo-eng-team team mailing list archive

[Bug 1656482] [NEW] GET /resource_providers?member_of does not validate the value is a uuid

 

Public bug reported:

The 1.3 microversion of the placement API adds a member_of query string
parameter to the /resource_providers handler and the values are meant to
be aggregate uuids, but the REST API handler code simply parses the
query string and passes the filter through to the DB API query code,
which is doing a simple aggregate.uuid IN [values] query. For something
that's not a uuid it's just going to result in no results and return an
empty list, but the REST API should be stricter about the actual
member_of values being uuids.

** Affects: nova
     Importance: Medium
     Assignee: Matt Riedemann (mriedem)
         Status: In Progress


** Tags: api placement

https://bugs.launchpad.net/bugs/1656482
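
An added example, not nova's code and not the fix made for this bug, of the stricter handling the report asks for: each member_of value is checked to be a uuid before it reaches the filter, and anything else is rejected instead of quietly returning an empty list. The `in:` comma-separated list form, the `BadRequest` stand-in for an HTTP 400, the requirement for the hyphenated form, and the sample providers are assumptions made for the example.

```python
import uuid
from urllib.parse import parse_qs

# Constructed sample data: provider name -> aggregate uuids it is a member of.
AGG_A = "8d5b1f2e-3c4a-4e6b-9f70-1a2b3c4d5e6f"
AGG_B = "0f9e8d7c-6b5a-4c3d-a2b1-0123456789ab"
PROVIDERS = {"rp-1": {AGG_A}, "rp-2": {AGG_B}, "rp-3": set()}


class BadRequest(Exception):
    """Stand-in for the HTTP 400 response the API layer would send."""


def canonical_uuid(value):
    """Return value as a lowercase hyphenated uuid string or raise BadRequest."""
    try:
        parsed = uuid.UUID(value)
    except ValueError:
        raise BadRequest("member_of value %r is not a uuid" % value) from None
    # uuid.UUID() also accepts braces, a urn:uuid: prefix and bare hex, so
    # additionally require the hyphenated form (a choice made for this example).
    if str(parsed) != value.lower():
        raise BadRequest("member_of value %r is not a uuid" % value)
    return str(parsed)


def parse_member_of(query_string):
    """Return validated aggregate uuids, or None when member_of is absent."""
    params = parse_qs(query_string, keep_blank_values=True)
    if "member_of" not in params:
        return None
    uuids = []
    for raw in params["member_of"]:
        # Assumed format: one uuid, or "in:" plus a comma-separated list.
        if raw.startswith("in:"):
            raw = raw[3:]
        uuids.extend(canonical_uuid(item) for item in raw.split(","))
    return uuids


def list_providers(query_string):
    """Filter the sample providers the way the handler's IN query would."""
    wanted = parse_member_of(query_string)
    if wanted is None:
        return sorted(PROVIDERS)
    return sorted(n for n, aggs in PROVIDERS.items() if aggs & set(wanted))
```
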
