yahoo-eng-team team mailing list archive
Message #81884
[Bug 1865040] Re: Able to show update and delete aggregate with invalid id
Reviewed: https://review.opendev.org/710214
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2e70a1717f25652912886cbefa3f40e6df908c00
Submitter: Zuul
Branch: master
commit 2e70a1717f25652912886cbefa3f40e6df908c00
Author: Johannes Kulik <johannes.kulik@xxxxxxx>
Date: Thu Feb 27 08:08:32 2020 +0100
Validate id as integer for os-aggregates
According to the api-ref, the id passed to calls in os-aggregates is
supposed to be an integer. No function validated this, so any value
passed to these functions would directly reach the DB. While this is
fine for SQLite, making a query with a string for an integer column on
other databases like PostgreSQL results in a DBError exception and thus
an HTTP 500 instead of 400 or 404.
This commit adds validation for the id parameter the same way it's
already done for other endpoints.
Closes-Bug: 1865040
Change-Id: I83817f7301680801beaee375825f02eda526eda1
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1865040
Title:
Able to show update and delete aggregate with invalid id
Status in OpenStack Compute (nova):
Fix Released
Bug description:
Description
===========
Able to show, update and delete the aggregate with an invalid id. An invalid id means it starts with the same id but is appended with some alphanumeric string (ex - actual_id: 5, invalid_id: 5abcd or invalid_id: 5abcd123).
This issue occurs only when the actual_id is appended with an alphanumeric value
that starts with letters, not with numbers.
The aggregate id received on the routes is not converted
to an integer anywhere in the code, and later it gets transferred to the db,
which truncates the string appended to the original id -
e.g. the warning below -
/usr/local/lib/python2.7/dist-packages/pymysql/cursors.py:166:
Warning: (1292, u"Truncated incorrect DOUBLE value: '6abcd123'")
There are ways to change the setting and convert the warning into
an error, but the code should handle such a situation and raise an exception
with a proper error message.
Steps to reproduce
==================
1. Create an aggregate -
+----+----------+-------------------+
| ID | Name | Availability Zone |
+----+----------+-------------------+
| 5 | new_name | None |
+----+----------+-------------------+
2. Get the above created aggregate with a wrong id Ex - 5abcd (started
with correct id but appended with some alphabets)
curl -g -i -X GET http://192.168.56.5:8774/v2.1/os-aggregates/5abcd -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
HTTP/1.1 200 OK
Content-Length: 226
Content-Type: application/json
Openstack-Api-Version: compute 2.1
X-Openstack-Nova-Api-Version: 2.1
Vary: OpenStack-API-Version
Vary: X-OpenStack-Nova-API-Version
X-Compute-Request-Id: req-c76d66ad-c4ce-430a-bcd5-a5ec5e962d2e
Date: Thu, 27 Feb 2020 13:44:07 GMT
{"aggregate": {"name": "new_name", "availability_zone": null,
"deleted": false, "created_at": "2020-02-27T13:34:00.000000",
"updated_at": "2020-02-27T13:41:14.000000", "hosts": [], "deleted_at":
null, "id": 5, "metadata": {}}}
stack@a:~/nova/nova/api/openstack/compute$
3. Update the above created aggregate with a wrong id Ex - 5abcd
(started with correct id but appended with some alphabets) -
Response (0.169s) - http://192.168.56.5:8774/v2.1/os-aggregates/5abcd
200 OK
{
"aggregate": {
"name": "new_updated",
"availability_zone": null,
"deleted": false,
"created_at": "2020-02-27T13:34:00.000000",
"updated_at": "2020-02-27T13:45:17.542075",
"hosts": [],
"deleted_at": null,
"id": 5,
"metadata": {}
}
}
4. Delete the above created aggregate with a wrong id Ex - 5abcd
(started with correct id but appended with some alphabets) -
curl -g -i -X DELETE http://192.168.56.5:8774/v2.1/os-aggregates/5abcd -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: application/json
Openstack-Api-Version: compute 2.1
X-Openstack-Nova-Api-Version: 2.1
Vary: OpenStack-API-Version
Vary: X-OpenStack-Nova-API-Version
X-Compute-Request-Id: req-8d4a2d57-934b-4c66-9a48-9e114b1b4e9f
Date: Thu, 27 Feb 2020 13:46:10 GMT
Expected result
===============
Show, update and delete should not work for invalid id (mentioned in summary).
Actual result
=============
Show, update and delete are working for invalid id (mentioned in summary).
Environment
===========
1. Openstack Release - Ocata
2. Hypervisor - QEMU
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1865040/+subscriptions
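The behaviour reported above and the kind of check the commit message describes, as an added example that is not nova's code and not part of the original message. All function names, the in-memory table and the 32-bit id limit are assumptions, and `lenient_db_coerce` is a simplified model of a backend that casts a string to a number by keeping its leading digits.

```python
import re

# Constructed sample data standing in for the aggregates table.
AGGREGATES = {5: "new_name"}
MAX_ID = 2**31 - 1  # assumption: signed 32-bit INTEGER id column
_NUMERIC_PREFIX = re.compile(r"\s*[+-]?[0-9]+")
_STRICT_ID = re.compile(r"[0-9]{1,10}")


def lenient_db_coerce(value):
    """Simplified model of a lenient string-to-number cast: keep the
    leading numeric prefix and drop the rest ('6abcd123' -> 6)."""
    m = _NUMERIC_PREFIX.match(value)
    return int(m.group()) if m else 0


def show_unvalidated(raw_id):
    """Before: the raw path segment reaches the lookup unchecked."""
    agg_id = lenient_db_coerce(raw_id)
    return (200, AGGREGATES[agg_id]) if agg_id in AGGREGATES else (404, None)


def parse_aggregate_id(raw_id):
    """Return the id as an int, or None if it is not a plain decimal integer.

    fullmatch on ASCII digits is stricter than int(), which also accepts
    ' 5', '+5', '5_0' and non-ASCII digits. The length bound keeps
    oversized input away from int().
    """
    if not _STRICT_ID.fullmatch(raw_id):
        return None
    value = int(raw_id)
    return value if value <= MAX_ID else None


def show_validated(raw_id):
    """After: malformed ids get a 400 before any database access."""
    agg_id = parse_aggregate_id(raw_id)
    if agg_id is None:
        return 400, None
    return (200, AGGREGATES[agg_id]) if agg_id in AGGREGATES else (404, None)
```

With validation in front of the lookup, the result no longer depends on how a particular database backend casts strings.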