Lease update api wrongly succeeds

Bug #1786014 reported by Neha Alhat on 2018-08-08
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Masahito Muroi

Bug Description

Instance reservation update request is accepted even if the value provided for disk_gb,
memory_mb, vcpus greater than the capacity of computehost.

Steps to reproduce:
1. blazar host-list
 | id | hypervisor_hostname | vcpus | memory_mb | local_gb |
 | 1 | <host-name> | 4 | 11941 | 91 |

2. update a lease with "memory_mb": 1194444 > 11941

curl -g -i -X PUT http://<host-ip>/reservation/v1/leases/c8239d51-96e1-4c4d-8bee-96c5574a32f0 -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-blazarclient" -H "X-Auth-Token: gAAAAABbanlmuoiRv5vQr-s3OV06HV2jLqwSwqleOxXu2lTNHpkvWZboXBg-d0Pd8Xw-NeHLcYuA7mgkpCHNDQ6k3qVJKHJKPFz0N3y-kHokpYuZiierZmigwxlY6AIZWyEQ5xqGtgr2HjfiT_HowiFqldqM_P1P3vguIzOt6uaPSaSRKMAp_j8" -d '{"reservations": [{"id": "1f58aa47-0b34-42c9-af6f-0a6535cbb1dd","memory_mb": 1194444}]}'

Expected result:
It should not allow to update greater than capacity available.

Actual result:
Blazar server doesn't return any error and accept the update request also successfully updates DB.

Pierre Riteau (priteau) wrote :

This might be resolved by the fix implemented for #1786007, need to test. We should write a Tempest test for this.

Pierre Riteau (priteau) on 2018-09-10
Changed in blazar:
assignee: nobody → Masahito Muroi (muroi-masahito)
importance: Undecided → Medium
milestone: none → stein-1
Bertrand Souville (souville) wrote :

I could not reproduce this bug (master branch) but still I agree that some work is needed e.g. by adding more test cases, improving/drafting missing documentation on both server and client sides

Pierre Riteau (priteau) on 2018-10-23
Changed in blazar:
milestone: stein-1 → stein-2
Pierre Riteau (priteau) on 2019-01-10
Changed in blazar:
milestone: stein-2 → stein-3
Pierre Riteau (priteau) on 2019-04-15
Changed in blazar:
milestone: stein-3 → train-1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers