yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #91390
[Bug 2008341] [NEW] Lock, migrate, and unshelve server actions don't enforce request body schema for certain microversions
Public bug reported:
Description
===========
Basically $summary. For lock, migrate, and unshelve, we have decorators for validation schema that _start_ at a certain microversion (exact microversion varies), meaning anything below that is not checked. A client could send a request that is only valid in higher microversion, omit sending a microversion (probably by mistake), and be surprised when the request is accepted but not honoured.
Steps to reproduce
==================
1. Send a request with random stuff in the body
ex:
curl -g -i -X POST http://10.0.77.83/compute/v2.1/servers/a45ae810-89ef-44fb-b751-013a8740647b/action \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: python-novaclient" \
-H "X-Auth-Token: <snip>" \
-H "X-OpenStack-Nova-API-Version: 2.1" \
-d '{"lock": {"foo": "bar"}}'
OR
-d '{"migrate": {"foo": "bar"}}'
OR
-d '{"unshelve": {"foo": "bar"}}'
Expected result
===============
400 Bad Request (or similar)
Actual result
=============
HTTP/1.1 202 Accepted
Environment
===========
Reproduced on master with devstack+kvm. Originally reported on wallaby https://bugzilla.redhat.com/show_bug.cgi?id=2172851
Additional info
===============
I (manually, so there could be errors) went through the code, and those are the only 3 instances of this that I found. Every other API controller method correctly validates its request body across the entire range of the microversions where it's supported.
** Affects: nova
Importance: Undecided
Status: New
** Summary changed:
- Lock, migrate, and shelve server actions don't enforce request body schema for certain microversions
+ Lock, migrate, and unshelve server actions don't enforce request body schema for certain microversions
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2008341
Title:
Lock, migrate, and unshelve server actions don't enforce request body
schema for certain microversions
Status in OpenStack Compute (nova):
New
Bug description:
Description
===========
Basically $summary. For lock, migrate, and unshelve, we have decorators for validation schema that _start_ at a certain microversion (exact microversion varies), meaning anything below that is not checked. A client could send a request that is only valid in higher microversion, omit sending a microversion (probably by mistake), and be surprised when the request is accepted but not honoured.
Steps to reproduce
==================
1. Send a request with random stuff in the body
ex:
curl -g -i -X POST http://10.0.77.83/compute/v2.1/servers/a45ae810-89ef-44fb-b751-013a8740647b/action \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: python-novaclient" \
-H "X-Auth-Token: <snip>" \
-H "X-OpenStack-Nova-API-Version: 2.1" \
-d '{"lock": {"foo": "bar"}}'
OR
-d '{"migrate": {"foo": "bar"}}'
OR
-d '{"unshelve": {"foo": "bar"}}'
Expected result
===============
400 Bad Request (or similar)
Actual result
=============
HTTP/1.1 202 Accepted
Environment
===========
Reproduced on master with devstack+kvm. Originally reported on wallaby https://bugzilla.redhat.com/show_bug.cgi?id=2172851
Additional info
===============
I (manually, so there could be errors) went through the code, and those are the only 3 instances of this that I found. Every other API controller method correctly validates its request body across the entire range of the microversions where it's supported.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2008341/+subscriptions
Follow ups