[Yahoo-eng-team] [Bug 1701451] Re: some legacy v2 API lose the protection of json-schema
** Also affects: nova/newton Importance: Undecided Status: New ** Changed in: nova/newton Status: New => In Progress ** Tags added: api ** Changed in: nova/newton Importance: Undecided => Medium ** Changed in: nova/newton Assignee: (unassigned) => Alex Xu (xuhj) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1701451 Title: some legacy v2 API lose the protection of json-schema Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) newton series: In Progress Status in OpenStack Compute (nova) ocata series: In Progress Bug description: The JSON-Schema support to validate the input for the legacy v2 compatible mode, and for the legacy v2 request, it won't return 400 for extra invalid parameters, instead by filter the extra parameters out of the input body to protect the API break by the extra parameters. https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/evacuate.py#L75 https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/migrate_server.py#L66 https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/server_groups.py#L166 Those should be fixed to cover the legacy v2 request, and back-port the fix. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1701451/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1701451] Re: some legacy v2 API lose the protection of json-schema
** Also affects: nova/ocata Importance: Undecided Status: New ** Changed in: nova Assignee: Matt Riedemann (mriedem) => Alex Xu (xuhj) ** Changed in: nova/ocata Status: New => In Progress ** Changed in: nova/ocata Importance: Undecided => Critical ** Changed in: nova/ocata Importance: Critical => Medium ** Changed in: nova Importance: Undecided => Medium ** Changed in: nova/ocata Assignee: (unassigned) => Alex Xu (xuhj) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1701451 Title: some legacy v2 API lose the protection of json-schema Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) ocata series: In Progress Bug description: The JSON-Schema support to validate the input for the legacy v2 compatible mode, and for the legacy v2 request, it won't return 400 for extra invalid parameters, instead by filter the extra parameters out of the input body to protect the API break by the extra parameters. https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/evacuate.py#L75 https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/migrate_server.py#L66 https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/server_groups.py#L166 Those should be fixed to cover the legacy v2 request, and back-port the fix. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1701451/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1701451] Re: some legacy v2 API lose the protection of json-schema
Reviewed: https://review.openstack.org/479170 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=aaeea4bf39377c4109f6b2857794ee0e7d51e786 Submitter: Jenkins Branch:master commit aaeea4bf39377c4109f6b2857794ee0e7d51e786 Author: He Jie Xu Date: Fri Jun 30 14:47:20 2017 +0800 Ensure the JSON-Schema covers the legacy v2 API The legacy v2 API compatible mode support the protection of JSON-Schema. The input body will be validated with JSON-Schema, and the extra invalid parameters will be filtered out of the input body instead of return HTTPBadRequest 400. But some of API are missing that protection, the JSON-Schema validation was limited to the v2.1 API. This patch ensures those schema covers the legacy v2 API. Change-Id: Ie165b2a79efd56a299d2d4ebe40a6904a340414f Closes-Bug: #1701451 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1701451 Title: some legacy v2 API lose the protection of json-schema Status in OpenStack Compute (nova): Fix Released Bug description: The JSON-Schema support to validate the input for the legacy v2 compatible mode, and for the legacy v2 request, it won't return 400 for extra invalid parameters, instead by filter the extra parameters out of the input body to protect the API break by the extra parameters. https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/evacuate.py#L75 https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/migrate_server.py#L66 https://github.com/openstack/nova/blob/68bbddd8aea8f8b2d671e0d675524a1e568eb773/nova/api/openstack/compute/server_groups.py#L166 Those should be fixed to cover the legacy v2 request, and back-port the fix. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1701451/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
