Can create Audit with invalid parameters

Bug #1532843 reported by Vincent Françoise
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
python-watcherclient | Fix Released | Low | Alexander Chadin |
watcher | Fix Released | Low | Alexander Chadin |

Bug Description

If you are making a POST to http://10.50.0.201:9322/v1/audits/ to create an audit, you can specify any audit_type and it will still be created.

We should be able to validate the data that is sent upon creating an Audit to make sure all the fields are valid.

Also note that a wrong audit_template_uuid is only detected when inserting the data into the database.

Note
====

There are Tempest tests that are currently skipped because of this bug, so they will have to be re-enabled as we get this fixed.

tags: added: low-hanging-fruit
summary: - Can create Audit with invalid type
+ Can create Audit with invalid parameters
Changed in watcher:
status: New → Confirmed
Changed in watcher:
milestone: none → mitaka-3
importance: Undecided → Low
description: updated
Changed in watcher:
assignee: nobody → Hristo Paskalev (h-paskalev)
status: Confirmed → In Progress
Hristo Paskalev (hpaskalev) wrote :

Here is my first attempt at this one. Leaving it here for a review.

https://github.com/hpaskalev/watcher/commit/d19bd4f83b243853e305cd3fd0590d20008eabaa

Vincent Françoise (vincent-francoise) wrote :

Hi Hristo!

First of all, I would like to thank you for contributing to Watcher! Since your account on Launchpad is quite new, I believe you are not familiar with the overall OpenStack review process. The actual way for you to contribute to any OpenStack project (including ours) is described at http://docs.openstack.org/infra/manual/developers.html#getting-started.
If you have any issue on how to set up this environment, please do not hesitate to contact us on IRC (irc.freenode.net) on the #openstack-watcher channel.

In the meantime I'll do a quick review of your fork of Watcher :)

Vincent Françoise (vincent-francoise) wrote :

Hi Hristo,

I am fixing another bug in https://review.openstack.org/282395 and it is actually quite close to what I told you on your GitHub commit. So you can use this as a basis to include your fix.

Hristo Paskalev (hpaskalev) wrote :

Hello Vincent,

Thanks for the heads up. I actually ended up doing something similar, as I figured that PostType validation would be needed.
I guess I can rebase on this one once it's merged, and make some adjustments to my fix.

Changed in watcher:
milestone: mitaka-3 → mitaka-rc-1
Vincent Françoise (vincent-francoise) wrote :

Hi Hristo,

Are you still working on this bug? If so, can you push your code onto review.openstack.org so we can review it ;)
If not, would you mind unassigning yourself?

If you need some help, feel free to come onto #openstack-watcher, we'll be more than happy to help you out.

Hristo Paskalev (hpaskalev) wrote :

Sorry, I haven't got back to this one yet. I guess it would be better if I un-assign myself from it as I don't think I'll have the time to finish it these days.

Changed in watcher:
assignee: Hristo Paskalev (hpaskalev) → nobody
Changed in watcher:
milestone: mitaka-rc-1 → mitaka-rc-final
Changed in watcher:
milestone: mitaka-rc-final → newton-1
Changed in watcher:
status: In Progress → Triaged
Changed in watcher:
assignee: nobody → Alexander Chadin (joker946)
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to watcher (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/302293

Changed in python-watcherclient:
assignee: nobody → Alexander Chadin (joker946)
Changed in watcher:
status: Triaged → In Progress
Changed in python-watcherclient:
status: New → In Progress
importance: Undecided → Low
milestone: none → newton
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to python-watcherclient (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/305846

OpenStack Infra (hudson-openstack) wrote : Fix merged to watcher (master)

Reviewed: https://review.openstack.org/302293
Committed: https://git.openstack.org/cgit/openstack/watcher/commit/?id=e52dc4f8aab349ae595eda0abf5e030f4fe59d5e
Submitter: Jenkins
Branch: master

commit e52dc4f8aab349ae595eda0abf5e030f4fe59d5e
Author: Alexander Chadin <email address hidden>
Date: Wed Apr 6 17:42:06 2016 +0300

    Add parameters verification when Audit is being created

    We have to check Audit Type and Audit State to make sure
    these parameters are in valid status.

    Also, we provide default states for the next attributes:

    - 'audit_template' is required and should be either UUID or text field
    - 'state' is readonly so it raises an error if submitted in POST
      and is set by default to PENDING
    - 'deadline' is optional and should be a datetime
    - 'type' is a required text field

    Change-Id: I2a7e0deec0ee2040e86400b500bb0efd8eade564
    Closes-Bug: #1532843
    Closes-Bug: #1533210
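
The field rules listed in the commit message above, sketched as a stand-alone validator that rejects a bad POST body before any database insert. This is an added example, not Watcher's code: `validate_audit_post`, `InvalidAudit`, the `TEMPLATES` sample data and the two audit type values are assumptions made for illustration.

```python
import uuid
from datetime import datetime

# Assumption: the page does not list the valid audit types; these two are
# used here for illustration.
VALID_AUDIT_TYPES = {"ONESHOT", "CONTINUOUS"}
# Constructed sample data standing in for the audit-template table.
TEMPLATES = {"11111111-2222-3333-4444-555555555555": "nightly-consolidation"}


class InvalidAudit(ValueError):
    """Raised for a bad POST body, before anything touches the database."""


def validate_audit_post(body, templates=TEMPLATES):
    """Return the normalised audit fields or raise InvalidAudit."""
    if not isinstance(body, dict):
        raise InvalidAudit("body must be a JSON object")
    if "state" in body:  # read-only: the server alone sets it
        raise InvalidAudit("state is read-only")
    audit_type = body.get("type")
    if not isinstance(audit_type, str) or audit_type not in VALID_AUDIT_TYPES:
        raise InvalidAudit("type must be one of %s" % sorted(VALID_AUDIT_TYPES))
    ref = body.get("audit_template")
    if not isinstance(ref, str) or not ref:
        raise InvalidAudit("audit_template is required")
    try:  # UUID form first, then fall back to a lookup by name
        template_uuid = str(uuid.UUID(ref))
    except ValueError:
        names = [u for u, name in templates.items() if name == ref]
        template_uuid = names[0] if len(names) == 1 else None
    if template_uuid not in templates:
        raise InvalidAudit("unknown audit_template %r" % ref)
    deadline = body.get("deadline")
    if deadline is not None:
        try:
            deadline = datetime.fromisoformat(deadline)
        except (TypeError, ValueError):
            raise InvalidAudit("deadline must be an ISO 8601 datetime string")
    return {"audit_template_uuid": template_uuid, "type": audit_type,
            "deadline": deadline, "state": "PENDING"}
```

An API layer would map `InvalidAudit` to an HTTP 400 response, so a malformed request never reaches the persistence code.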

Changed in watcher:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Related fix merged to python-watcherclient (master)

Reviewed: https://review.openstack.org/305846
Committed: https://git.openstack.org/cgit/openstack/python-watcherclient/commit/?id=0aaaf132789d977da0796b09b78a6d96a03d3a63
Submitter: Jenkins
Branch: master

commit 0aaaf132789d977da0796b09b78a6d96a03d3a63
Author: Alexander Chadin <email address hidden>
Date: Thu Apr 14 16:13:07 2016 +0300

    Add audit-template name checking in CLI

    This patch set allows to send audit_template_uuid as uuid type only.
    If audit_template argument given as name, watcherclient will send request
    to get audit template uuid.

    Change-Id: Idf5f07ca08f2e5d871dc2163c32fbda9ed338a99
    Related-Bug: #1532843

Changed in python-watcherclient:
status: In Progress → Fix Released
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/watcher 0.27.0

This issue was fixed in the openstack/watcher 0.27.0 release.
