yahoo-eng-team team mailing list archive

[Matt Riedemann <mriedem.os@xxxxxxxxx>]

This is wrong, it looks like empty string was always allowed, going back
to this code:

https://github.com/openstack/nova/blob/icehouse-
eol/nova/api/openstack/compute/servers.py#L1490

** Changed in: nova
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1850437

Title:
  changePassword action allows adminPass="" value

Status in OpenStack Compute (nova):
  Invalid

Bug description:
  The changePassword API requires an adminPass value:

  https://docs.openstack.org/api-ref/compute/?expanded=change-
  administrative-password-changepassword-action-detail#change-
  administrative-password-changepassword-action

  But the schema allows an empty string:

  https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/api/openstack/compute/schemas/admin_password.py#L24

  https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/api/validation/parameter_types.py#L370

  This is evident from the unit test here that doesn't fail:

  https://github.com/openstack/nova/blob/9742a64403c0a0ae5e0b37df5b0bf3ba14ac4626/nova/tests/unit/api/openstack/compute/test_admin_password.py#L61

  Looking at old changes like this:
  https://review.opendev.org/#/c/145398/

  It looks like the legacy v2 API did not allow empty string or None
  values for adminPass but that was regressed with the schema validation
  added to the changePassword API here:

  https://review.opendev.org/#/c/59598/

  And we can see from https://review.opendev.org/#/c/35625/ that an
  adminPass="" would not have been supported originally but was
  regressed in the schema change since there was no test for empty
  string at that the time of the schema addition.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1850437/+subscriptions