Reviewed: https://review.openstack.org/420272 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=c17772e1f202c9ffb651adc3299a1990c35766f3 Submitter: Jenkins Branch: master
commit c17772e1f202c9ffb651adc3299a1990c35766f3 Author: Matt Riedemann <[email protected]> Date: Fri Jan 13 21:42:07 2017 -0500 placement: validate member_of values are uuids The 1.3 microversion adds the member_of query parameter for listing resource providers which are members of one or more aggregates based on the aggregate uuids. However the REST API handler code is simply parsing and passing the member_of values through to the object code which is doing a SQL IN statement which will result in no resource providers if an invalidate aggregate uuid is provided, i.e. not actually a uuid. This patch adds simple uuid validation to the handler code that's parsing the member_of query parameter. Change-Id: I912f731e0d75979aea0a0f22c15e6cfb84a95050 Closes-Bug: #1656482 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1656482 Title: GET /resource_providers?member_of does not validate the value is a uuid Status in OpenStack Compute (nova): Fix Released Bug description: The 1.3 microversion of the placement API adds a member_of query string parameter to the /resource_providers handler and the values are meant to be aggregate uuids, but the REST API handler code simply parses the query string and passes the filter through to the DB API query code, which is doing a simple aggregate.uuid IN [values] query. For something that's not a uuid it's just going to result in no results and return an empty list, but the REST API should be stricter about the actual member_of values being uuids. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1656482/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
