Reviewed: https://review.opendev.org/710214 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2e70a1717f25652912886cbefa3f40e6df908c00 Submitter: Zuul Branch: master
commit 2e70a1717f25652912886cbefa3f40e6df908c00 Author: Johannes Kulik <[email protected]> Date: Thu Feb 27 08:08:32 2020 +0100 Validate id as integer for os-aggregates According to the api-ref, the id passed to calls in os-aggregates is supposed to be an integer. No function validated this, so any value passed to these functions would directly reach the DB. While this is fine for SQLite, making a query with a string for an integer column on other databases like PostgreSQL results in a DBError exception and thus a HTTP 500 instead of 400 or 404. This commit adds validation for the id parameter the same way it's already done for other endpoints. Closes-Bug: 1865040 Change-Id: I83817f7301680801beaee375825f02eda526eda1 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1865040 Title: Able to show update and delete aggregate with invalid id Status in OpenStack Compute (nova): Fix Released Bug description: Description =========== Able to show, update and delete the aggregate with invalid id. Invalid id means it will start with the same id but appended with some alphanumeric string(ex - actual_id: 5 invalid_id: 5abcd or invalid_id: 5abcd123). This issue is only with actual_id appended with alphanumeric value started with alphabets not with numbers. The aggregate id which is being received on routes is not converting to integer anywhere in the code and later it gets transfer to db , which truncates the appended string with original id - ex below warning - /usr/local/lib/python2.7/dist-packages/pymysql/cursors.py:166: Warning: (1292, u"Truncated incorrect DOUBLE value: '6abcd123'") There are ways to change the setting and convert the warning into error but the code should handle such situation and raise an exception with proper error message. Steps to reproduce ================== 1. Create an aggregate - +----+----------+-------------------+ | ID | Name | Availability Zone | +----+----------+-------------------+ | 5 | new_name | None | +----+----------+-------------------+ 2. Get the above created aggregate with a wrong id Ex - 5abcd (started with correct id but appended with some alphabets) curl -g -i -X GET http://192.168.56.5:8774/v2.1/os-aggregates/5abcd -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"HTTP/1.1 200 OK Content-Length: 226 Content-Type: application/json Openstack-Api-Version: compute 2.1 X-Openstack-Nova-Api-Version: 2.1 Vary: OpenStack-API-Version Vary: X-OpenStack-Nova-API-Version X-Compute-Request-Id: req-c76d66ad-c4ce-430a-bcd5-a5ec5e962d2e Date: Thu, 27 Feb 2020 13:44:07 GMT {"aggregate": {"name": "new_name", "availability_zone": null, "deleted": false, "created_at": "2020-02-27T13:34:00.000000", "updated_at": "2020-02-27T13:41:14.000000", "hosts": [], "deleted_at": null, "id": 5, "metadata": {}}}stack@a:~/nova/nova/api/openstack/compute$ 3. Update the above created aggregate with a wrong id Ex - 5abcd (started with correct id but appended with some alphabets) - Response (0.169s) - http://192.168.56.5:8774/v2.1/os-aggregates/5abcd 200 OK { "aggregate": { "name": "new_updated", "availability_zone": null, "deleted": false, "created_at": "2020-02-27T13:34:00.000000", "updated_at": "2020-02-27T13:45:17.542075", "hosts": [], "deleted_at": null, "id": 5, "metadata": {} } } 4. Delete the above created aggregate with a wrong id Ex - 5abcd (started with correct id but appended with some alphabets) - curl -g -i -X DELETE http://192.168.56.5:8774/v2.1/os-aggregates/5abcd -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN" HTTP/1.1 200 OK Content-Length: 0 Content-Type: application/json Openstack-Api-Version: compute 2.1 X-Openstack-Nova-Api-Version: 2.1 Vary: OpenStack-API-Version Vary: X-OpenStack-Nova-API-Version X-Compute-Request-Id: req-8d4a2d57-934b-4c66-9a48-9e114b1b4e9f Date: Thu, 27 Feb 2020 13:46:10 GMT Expected result =============== Show, update and delete should not work for invalid id (mentioned in summary). Actual result ============= Show, update and delete is working for invalid id (mentioned in summary). Environment =========== 1. Openstack Release - Ocata 2. Hypervisor - QEMU To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1865040/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
