neutron

No validation for session-persistance when creating a VIP.

Bug #1104110 reported by Roman Prykhodchenko on 2013-01-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Undecided	Roman Prykhodchenko	neutron 2013.1 "grizzly"

Bug Description

LBaaS API specification contains wrong validation rule for VIPs' session-persistence:

    'session_persistence': {'allow_post': True, 'allow_put': True,
                            'default': {},
                            'validate': {'type:dict': None},
                            'is_visible': True}

The rule specifies the only constraint for a supplied value to be a dictionary. However, the schema of the database defines strict constraints for SessionPersistence objects:

    type = sa.Column(sa.Enum("SOURCE_IP",
                             "HTTP_COOKIE",
                             "APP_COOKIE",
                             name="sesssionpersistences_type")

According to the constraint above 'type' is mandatory for SessionPersistence objects and it has to be equal to "SOURCE_IP", "HTTP_COOKIE" or "APP_COOKIE". The extension, however, does not check whether type is specified in the request and is equal to one of the allowed values. This causes an IntergityError to be thrown by the database and a user gets an Internal server error, if wrong type was specified.

See original description

Tags:

Roman Prykhodchenko (romcheg) on 2013-01-24

description:	updated
description:	updated
description:	updated

Avishay Balderman (avishayb) on 2013-01-24

Changed in quantum:
assignee:	nobody → Avishay Balderman (avishayb)

Revision history for this message

Avishay Balderman (avishayb) wrote on 2013-01-24:

If those constaraints could be defined ONLY ONCE we could skip this bug and more bugs from this 'family' in the future.

Revision history for this message

Roman Prykhodchenko (romcheg) wrote on 2013-01-25:

I have prepaired a patch for advanced validation of dict values for the API. I think it's reasonable to use it to fix this issue.

Changed in quantum:
assignee:	Avishay Balderman (avishayb) → Roman Prykhodchenko (prykhodchenko)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-01-25: Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/20487

Changed in quantum:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-02-13: Fix merged to quantum (master)

Reviewed: https://review.openstack.org/20487
Committed: http://github.com/openstack/quantum/commit/a5c101da4bd6371fdc116690ef0c354868a571b0
Submitter: Jenkins
Branch: master

commit a5c101da4bd6371fdc116690ef0c354868a571b0
Author: Roman Prykhodchenko <email address hidden>
Date: Fri Jan 25 17:44:21 2013 +0200

Support advanced validation of dictionaries in the API.

This change allows to specify constraints for individual keys in
dictionaries in the specification of the API resources.

Introduces type:dict_or_none validator that allows to skip
validation of a dictionary if a None value was supplied.

Adds constraints for session persistance parameters to the API.

Disables specifying cookie_name for session persistence, if
the type is set to HTTP_COOKIE or SOURCE_IP.

Fixes: bug #1104110

Change-Id: I62068deed449967949eaba9259028c88dd6974f8

Changed in quantum:
status:	In Progress → Fix Committed

Akihiro Motoki (amotoki) on 2013-02-21

Changed in quantum:
milestone:	none → grizzly-3

Thierry Carrez (ttx) on 2013-02-21

Changed in quantum:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-04-04

Changed in quantum:
milestone:	grizzly-3 → 2013.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.