yahoo-eng-team team mailing list archive

[Matt Riedemann <mriedem.os@xxxxxxxxx>]

Public bug reported:

The changePassword API requires an adminPass value:

https://docs.openstack.org/api-ref/compute/?expanded=change-
administrative-password-changepassword-action-detail#change-
administrative-password-changepassword-action

But the schema allows an empty string:

https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/api/openstack/compute/schemas/admin_password.py#L24

https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/api/validation/parameter_types.py#L370

This is evident from the unit test here that doesn't fail:

https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/tests/unit/api/openstack/compute/test_admin_password.py#L61

Looking at old changes like this: https://review.opendev.org/#/c/145398/

It looks like the legacy v2 API did not allow empty string or None
values for adminPass but that was regressed with the schema validation
added to the changePassword API here:

https://review.opendev.org/#/c/59598/

And we can see from https://review.opendev.org/#/c/35625/ that an
adminPass="" would not have been supported originally but was regressed
in the schema change since there was no test for empty string at that
the time of the schema addition.

** Affects: nova
     Importance: Low
         Status: Triaged


** Tags: api

** Changed in: nova
       Status: New => Triaged

** Changed in: nova
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1850437

Title:
  changePassword action allows adminPass="" value

Status in OpenStack Compute (nova):
  Triaged

Bug description:
  The changePassword API requires an adminPass value:

  https://docs.openstack.org/api-ref/compute/?expanded=change-
  administrative-password-changepassword-action-detail#change-
  administrative-password-changepassword-action

  But the schema allows an empty string:

  https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/api/openstack/compute/schemas/admin_password.py#L24

  https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/api/validation/parameter_types.py#L370

  This is evident from the unit test here that doesn't fail:

  https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/tests/unit/api/openstack/compute/test_admin_password.py#L61

  Looking at old changes like this:
  https://review.opendev.org/#/c/145398/

  It looks like the legacy v2 API did not allow empty string or None
  values for adminPass but that was regressed with the schema validation
  added to the changePassword API here:

  https://review.opendev.org/#/c/59598/

  And we can see from https://review.opendev.org/#/c/35625/ that an
  adminPass="" would not have been supported originally but was
  regressed in the schema change since there was no test for empty
  string at that the time of the schema addition.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1850437/+subscriptions