
yahoo-eng-team team mailing list archive

[Bug 2008341] Re: Lock, migrate, and unshelve server actions don't enforce request body schema for certain microversions

 

Well, it was still a _mistake_, but it's been out in the wild long
enough that we can't retroactively fix it without breaking someone's
scripts, so we have to leave it as is, unfortunately :(

** Changed in: nova
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2008341

Title:
  Lock, migrate, and unshelve server actions don't enforce request body
  schema for certain microversions

Status in OpenStack Compute (nova):
  Won't Fix

Bug description:
  Description
  ===========
  Basically $summary. For lock, migrate, and unshelve, we have decorators for validation schema that _start_ at a certain microversion (exact microversion varies), meaning anything below that is not checked. A client could send a request that is only valid in a higher microversion, omit sending a microversion (probably by mistake), and be surprised when the request is accepted but not honoured.

  Steps to reproduce
  ==================
  1. Send a request with random stuff in the body
  ex:

  curl -g -i -X POST http://10.0.77.83/compute/v2.1/servers/a45ae810-89ef-44fb-b751-013a8740647b/action \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -H "User-Agent: python-novaclient" \
    -H "X-Auth-Token: <snip>" \
    -H "X-OpenStack-Nova-API-Version: 2.1" \
    -d '{"lock": {"foo": "bar"}}'

  OR

    -d '{"migrate": {"foo": "bar"}}'

  OR

    -d '{"unshelve": {"foo": "bar"}}'

  Expected result
  ===============
  400 Bad Request (or similar)

  Actual result
  =============
  HTTP/1.1 202 Accepted

  Environment
  ===========
  Reproduced on master with devstack+kvm. Originally reported on wallaby https://bugzilla.redhat.com/show_bug.cgi?id=2172851

  Additional info
  ===============
  I (manually, so there could be errors) went through the code, and those are the only 3 instances of this that I found. Every other API controller method correctly validates its request body across the entire range of the microversions where it's supported.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2008341/+subscriptions
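
The gap described in the bug report, as an added sketch that is not nova's code and not part of the original message: a version-gated schema decorator that leaves lower microversions unchecked, plus an audit helper that lists the uncovered ranges. The names `schema`, `check_body` and `unvalidated_ranges`, the 2.50 boundary, the 2.1 to 2.60 range and the `note` key are all constructed for illustration, and a schema is simplified to a set of allowed body keys.

```python
# Added illustration, not nova's code. A "schema" here is just the set of
# keys allowed in the action body; versions are 2.x minor numbers.
API_MIN, API_MAX = 1, 60  # constructed supported range (assumption)

def minor(version):
    """'2.50' -> 50; only major version 2 is modelled."""
    major, _, rest = version.partition(".")
    if major != "2":
        raise ValueError(f"unsupported version {version!r}")
    return int(rest)

def schema(allowed_keys, min_version, max_version=None):
    """Hypothetical decorator: validate bodies for [min_version, max_version]."""
    def decorator(func):
        hi = minor(max_version) if max_version else API_MAX
        entry = (minor(min_version), hi, frozenset(allowed_keys))
        func.schemas = getattr(func, "schemas", []) + [entry]
        return func
    return decorator

def check_body(func, version, body):
    """Status the API would return: 400 if a schema applies and rejects body."""
    v = minor(version)
    for lo, hi, allowed in getattr(func, "schemas", []):
        if lo <= v <= hi:
            return 202 if set(body) <= allowed else 400
    return 202  # no schema covers this version, so the body is never inspected

def unvalidated_ranges(func, lo=API_MIN, hi=API_MAX):
    """Return (first, last) minor-version ranges in [lo, hi] with no schema."""
    gaps, cursor = [], lo
    for s_lo, s_hi, _ in sorted(getattr(func, "schemas", []), key=lambda r: r[:2]):
        if s_lo > cursor:
            gaps.append((cursor, min(s_lo - 1, hi)))
        cursor = max(cursor, s_hi + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps

@schema({"note"}, "2.50")  # constructed: validation only starts at 2.50
def lock(body): ...

@schema(set(), "2.1", "2.49")  # older versions: no keys allowed in the body
@schema({"note"}, "2.50")
def lock_covered(body): ...

if __name__ == "__main__":
    print(check_body(lock, "2.1", {"foo": "bar"}), unvalidated_ranges(lock))
    print(check_body(lock_covered, "2.1", {"foo": "bar"}), unvalidated_ranges(lock_covered))
```

Running `unvalidated_ranges` over every controller method in a test suite turns the manual code walk mentioned in the report into a repeatable check.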


