yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1800915] [NEW] Neutron's endpoint cannot tell the difference between '-' and '_'

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Hongbin Lu <1800915@xxxxxxxxxxxxxxxxxx>
Date: Wed, 31 Oct 2018 20:46:43 -0000
Reply-to: Bug 1800915 <1800915@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The current neutron API seems to treat '-' and '_' the same. For
example, both "/v2.0/security-groups" and "/v2.0/security_groups" will
process by the same controller and succeed. More examples is as below:

$ curl -g -i -X GET http://10.0.2.15:9696/v2.0/security-groups -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
HTTP/1.1 200 OK

$ curl -g -i -X GET http://10.0.2.15:9696/v2.0/security_groups -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
HTTP/1.1 200 OK

$ curl -g -i -X GET http://10.0.2.15:9696/v2.0/availability-zones -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
HTTP/1.1 200 OK

$ curl -g -i -X GET http://10.0.2.15:9696/v2.0/availability_zones -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
HTTP/1.1 200 OK

IMHO, neutron should be strict between '-' and '_'. For example, the
second and third commands above should fail or we should update the API
documentation about that.

** Affects: neutron
     Importance: Undecided
     Assignee: Hongbin Lu (hongbin.lu)
         Status: New


** Tags: api

** Tags added: api

** Changed in: neutron
     Assignee: (unassigned) => Hongbin Lu (hongbin.lu)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1800915

Title:
  Neutron's endpoint cannot tell the difference between '-' and '_'

Status in neutron:
  New

Bug description:
  The current neutron API seems to treat '-' and '_' the same. For
  example, both "/v2.0/security-groups" and "/v2.0/security_groups" will
  process by the same controller and succeed. More examples is as below:

  $ curl -g -i -X GET http://10.0.2.15:9696/v2.0/security-groups -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
  HTTP/1.1 200 OK

  $ curl -g -i -X GET http://10.0.2.15:9696/v2.0/security_groups -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
  HTTP/1.1 200 OK

  $ curl -g -i -X GET http://10.0.2.15:9696/v2.0/availability-zones -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
  HTTP/1.1 200 OK

  $ curl -g -i -X GET http://10.0.2.15:9696/v2.0/availability_zones -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
  HTTP/1.1 200 OK

  IMHO, neutron should be strict between '-' and '_'. For example, the
  second and third commands above should fail or we should update the
  API documentation about that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1800915/+subscriptions