Lease update api wrongly succeeds

Bug #1786014 reported by Neha Alhat
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Masahito Muroi

Bug Description

Instance reservation update request is accepted even if the value provided for disk_gb,
memory_mb, vcpus greater than the capacity of computehost.

Steps to reproduce:
1. blazar host-list
 | id | hypervisor_hostname | vcpus | memory_mb | local_gb |
 | 1 | <host-name> | 4 | 11941 | 91 |

2. update a lease with "memory_mb": 1194444 > 11941

curl -g -i -X PUT http://<host-ip>/reservation/v1/leases/c8239d51-96e1-4c4d-8bee-96c5574a32f0 -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-blazarclient" -H "X-Auth-Token: gAAAAABbanlmuoiRv5vQr-s3OV06HV2jLqwSwqleOxXu2lTNHpkvWZboXBg-d0Pd8Xw-NeHLcYuA7mgkpCHNDQ6k3qVJKHJKPFz0N3y-kHokpYuZiierZmigwxlY6AIZWyEQ5xqGtgr2HjfiT_HowiFqldqM_P1P3vguIzOt6uaPSaSRKMAp_j8" -d '{"reservations": [{"id": "1f58aa47-0b34-42c9-af6f-0a6535cbb1dd","memory_mb": 1194444}]}'

Expected result:
It should not allow to update greater than capacity available.

Actual result:
Blazar server doesn't return any error and accept the update request also successfully updates DB.

Revision history for this message
Pierre Riteau (priteau) wrote :

This might be resolved by the fix implemented for #1786007, need to test. We should write a Tempest test for this.

Pierre Riteau (priteau)
Changed in blazar:
assignee: nobody → Masahito Muroi (muroi-masahito)
importance: Undecided → Medium
milestone: none → stein-1
Revision history for this message
Bertrand Souville (souville) wrote :

I could not reproduce this bug (master branch) but still I agree that some work is needed e.g. by adding more test cases, improving/drafting missing documentation on both server and client sides

Pierre Riteau (priteau)
Changed in blazar:
milestone: stein-1 → stein-2
Pierre Riteau (priteau)
Changed in blazar:
milestone: stein-2 → stein-3
Pierre Riteau (priteau)
Changed in blazar:
milestone: stein-3 → train-1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.