Cinder

qos_specs create api allows whitespaces as name

Bug #1465967 reported by Pranali Deore on 2015-06-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Cinder	Fix Released	Undecided	Pranali Deore	Cinder 7.0.0 "liberty"

Bug Description

Steps to reproduce:

$ cinder qos-create " " testing=testing

Output:
+---------------+------------------------------------------------------------+
| Property | Value |
+---------------+------------------------------------------------------------+
| consumer | back-end |
| id | 2cff17f4-04ec-42e3-a26a-b0fe0edabf23|
| name | |
| specs | {u'testing': u'testing'} |
+---------------+----------------------------------------------------------- +

Only whitespaces shouldn't be allowed in the name of the qos_specs.

Pranali Deore (pranali-deore) on 2015-06-17

Changed in cinder:
assignee:	nobody → Pranali Deore (pranali-deore)

OpenStack Infra (hudson-openstack) on 2015-06-25

Changed in cinder:
assignee:	Pranali Deore (pranali-deore) → Amador Pahim (apahim)
status:	New → In Progress

Amador Pahim (apahim) on 2015-06-25

Changed in cinder:
status:	In Progress → Confirmed
status:	Confirmed → In Progress

Revision history for this message

Duncan Thomas (duncan-thomas) wrote on 2015-07-03:

Why shouldn't this be allowed?

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-07-06: Change abandoned on cinder (master)

Change abandoned by Amador Pahim (<email address hidden>) on branch: master
Review: https://review.openstack.org/195651
Reason: Abandoned in favour of https://review.openstack.org/#/c/194968

OpenStack Infra (hudson-openstack) on 2015-07-14

Changed in cinder:
assignee:	Amador Pahim (apahim) → Pranali Deore (pranali-deore)

OpenStack Infra (hudson-openstack) on 2015-07-24

Changed in cinder:
assignee:	Pranali Deore (pranali-deore) → Abhijeet Malawade (abhijeet-malawade)

Revision history for this message

Jay Bryant (jsbryant) wrote on 2015-07-24:

I feel like we have been through this question before on multiple name fields. Is this really a bug? What breaks if someone does this?

OpenStack Infra (hudson-openstack) on 2015-07-29

Changed in cinder:
assignee:	Abhijeet Malawade (abhijeet-malawade) → Pranali Deore (pranali-deore)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-15: Fix merged to cinder (master)

Reviewed: https://review.openstack.org/194968
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=cf67960607844ef3426cae4d6e2ab96f16187b99
Submitter: Jenkins
Branch: master

commit cf67960607844ef3426cae4d6e2ab96f16187b99
Author: PranaliDeore <email address hidden>
Date: Wed Jun 17 04:49:24 2015 -0700

Validate string, integer limit for input parameter

    1. Below apis will return 500 error code on passing name or description
       parameters with more than 255 characters:
       a. consisgroup-create
       b. consisgroup-update
       c. cgsnapshot-create
       d. quota-class-update
       e. quota-update
       f. qos-create
       g. volume-manage
       h. volume-transfer

    2. Below apis will return 500 error code on passing 'hard_limit' value
       greater than mysql INT type:
       a. quota-class-update
       b. quota-update
       c. encryption-type-create

    3. Below apis accept name as string with whitespaces:
       a. consisgroup-create
       b. cgsnapshot-create
       c. qos-create
       d. volume-transfer

4. Type-key api will return 500 error code on passing key or value with
more than 255 characters.

    Added new method
    1. validate_name_and_description() in
       cinder.api.openstack.wsgi.Controller to validate length of name and
       description and returned 400 if it exceeds the limit and removing
       leading or trailing whitespaces and string containing only
       whitespaces.
    2. validate_string_length() in cinder.api.openstack.wsgi.Controller to
       validate length of string and returned 400 if it exceeds the limit.
    3. validate_integer() method in cinder.utils to validate integer
       limit and returned 400 if limit exceeds.

    APIImpact
    1. For all above apis 400 response will be returned.
    2. Earlier it was possible to pass only whitespaces or leading-trailing
       spaces to 'name' parameters and 'key' while updating key-value in
       type-key api.
       Now it will raise 400 error if only whitespaces are passed and will
       remove leading-trailing spaces if present in other cases.

    Closes-Bug: 1466351
    Closes-Bug: 1463379
    Closes-Bug: 1465967
    Change-Id: I0c0029d61ba2b293b579d1afffec0bdf062b22a8

Reviewed:  https://review.openstack.org/194968
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=cf67960607844ef3426cae4d6e2ab96f16187b99
Submitter: Jenkins
Branch:    master

commit cf67960607844ef3426cae4d6e2ab96f16187b99
Author: PranaliDeore <pranali11.deore@nttdata.com>
Date:   Wed Jun 17 04:49:24 2015 -0700

Validate string, integer limit for input parameter
    
    1. Below apis will return 500 error code on passing name or description
       parameters with more than 255 characters:
       a. consisgroup-create
       b. consisgroup-update
       c. cgsnapshot-create
       d. quota-class-update
       e. quota-update
       f. qos-create
       g. volume-manage
       h. volume-transfer
    
    2. Below apis will return 500 error code on passing 'hard_limit' value
       greater than mysql INT type:
       a. quota-class-update
       b. quota-update
       c. encryption-type-create
    
    3. Below apis accept name as string with whitespaces:
       a. consisgroup-create
       b. cgsnapshot-create
       c. qos-create
       d. volume-transfer
    
    4. Type-key api will return 500 error code on passing key or value with
       more than 255 characters.
    
    Added new method
    1. validate_name_and_description() in
       cinder.api.openstack.wsgi.Controller to validate length of name and
       description and returned 400 if it exceeds the limit and removing
       leading or trailing whitespaces and string containing only
       whitespaces.
    2. validate_string_length() in cinder.api.openstack.wsgi.Controller to
       validate length of string and returned 400 if it exceeds the limit.
    3. validate_integer() method in cinder.utils to validate integer
       limit and returned 400 if limit exceeds.
    
    APIImpact
    1. For all above apis 400 response will be returned.
    2. Earlier it was possible to pass only whitespaces or leading-trailing
       spaces to 'name' parameters and 'key' while updating key-value in
       type-key api.
       Now it will raise 400 error if only whitespaces are passed and will
       remove leading-trailing spaces if present in other cases.
    
    Closes-Bug: 1466351
    Closes-Bug: 1463379
    Closes-Bug: 1465967
    Change-Id: I0c0029d61ba2b293b579d1afffec0bdf062b22a8

Changed in cinder:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-09-03

Changed in cinder:
milestone:	none → liberty-3
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in cinder:
milestone:	liberty-3 → 7.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.