yahoo-eng-team team mailing list archive

[Bug 2008341] [NEW] Lock, migrate, and unshelve server actions don't enforce request body schema for certain microversions

 

Public bug reported:

Description
===========
Basically $summary. For lock, migrate, and unshelve, we have decorators for validation schema that _start_ at a certain microversion (exact microversion varies), meaning anything below that is not checked. A client could send a request that is only valid in a higher microversion, omit sending a microversion (probably by mistake), and be surprised when the request is accepted but not honoured.

Steps to reproduce
==================
1. Send a request with random stuff in the body
ex:

curl -g -i -X POST http://10.0.77.83/compute/v2.1/servers/a45ae810-89ef-44fb-b751-013a8740647b/action \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "User-Agent: python-novaclient" \
  -H "X-Auth-Token: <snip>" \
  -H "X-OpenStack-Nova-API-Version: 2.1" \
  -d '{"lock": {"foo": "bar"}}'

OR

  -d '{"migrate": {"foo": "bar"}}'

OR

  -d '{"unshelve": {"foo": "bar"}}'

Expected result
===============
400 Bad Request (or similar)

Actual result
=============
HTTP/1.1 202 Accepted

Environment
===========
Reproduced on master with devstack+kvm. Originally reported on wallaby https://bugzilla.redhat.com/show_bug.cgi?id=2172851

Additional info
===============
I (manually, so there could be errors) went through the code, and those are the only 3 instances of this that I found. Every other API controller method correctly validates its request body across the entire range of the microversions where it's supported.

** Affects: nova
     Importance: Undecided
         Status: New

** Summary changed:

- Lock, migrate, and shelve server actions don't enforce  request body schema for certain microversions
+ Lock, migrate, and unshelve server actions don't enforce  request body schema for certain microversions

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2008341

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2008341/+subscriptions
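
The gap described in the report, modelled as an added example (this is not nova's code, and it is not part of the original report): a toy version-ranged validation decorator, one handler whose only schema starts at a later microversion, and one that also covers the earlier range. The names `schema`, `lock_gapped`, `lock_covered`, `status` and `has_gap`, the key `locked_reason`, and the 2.72/2.73 boundary are constructed for the illustration.

```python
import functools

class BadRequest(Exception):
    """Stands in for an HTTP 400 response."""

def ver(s):
    return tuple(int(p) for p in s.split("."))

def schema(allowed_keys, min_version="2.1", max_version=None):
    """Toy version-ranged validator: checks the body only inside the range."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(version, body):
            in_range = ver(min_version) <= ver(version) and (
                max_version is None or ver(version) <= ver(max_version))
            extra = set(body or {}) - set(allowed_keys)
            if in_range and extra:
                raise BadRequest(f"unexpected keys: {sorted(extra)}")
            return func(version, body)
        # Record covered ranges so gaps can be audited without sending requests.
        wrapper.ranges = getattr(func, "ranges", []) + [(min_version, max_version)]
        return wrapper
    return decorator

# Constructed versions: the action gains a body field at 2.73.
@schema({"locked_reason"}, min_version="2.73")
def lock_gapped(version, body):      # the reported pattern: nothing checked below 2.73
    return 202

@schema(set(), max_version="2.72")   # older versions: no body fields accepted
@schema({"locked_reason"}, min_version="2.73")
def lock_covered(version, body):
    return 202

def status(handler, version, body):
    try:
        return handler(version, body)
    except BadRequest:
        return 400

def has_gap(handler, floor="2.1"):
    """True when no schema range starts at the lowest supported version."""
    return all(ver(lo) > ver(floor) for lo, _ in handler.ranges)

if __name__ == "__main__":
    for h in (lock_gapped, lock_covered):
        print(h.__name__, status(h, "2.1", {"foo": "bar"}), "gap:", has_gap(h))
```

`has_gap` only checks that some range begins at the floor version; it does not look for holes between ranges.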