There is no validation for POST request on "fuel role --create"

Bug #1619486 reported by Sergey Kreys
This bug affects 3 people
Affects: Fuel for OpenStack
Status: Fix Released
Importance: High
Assigned to: Vitalii Kulanov

Bug Description

Problem:
There is no validation for the role create operation.
As an impact, a user can create a role with an invalid volumes_roles_mapping.

Same issue for role update operation: https://bugs.launchpad.net/fuel/+bug/1467097

Steps to reproduce:
Almost the same as in bug #1467097:
Over fuel cli:
Create a file with the role description, invalidvolumes.yaml (you can download an existing role as a template);
Modify the created file: set the "id" value in "volumes_roles_mapping" to something incorrect, e.g. "id: blabla";
Create new role with the command:
fuel role --rel 2 --role invalidvolumes --create --file invalidvolumes.yaml

Expected Result:
400 bad request

Actual result:
Role with invalid volume is successfully created:
# fuel role --create --release 2 --role invalidvolumes --file invalidvolumes.yaml
Role invalidvolumes successfully created from invalidvolumes.yaml.

Reproducibility: always

Workaround: no

Changed in fuel:
assignee: nobody → Vitalii Kulanov (vitaliy-t)
tags: added: area-python
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (master)

Fix proposed to branch: master
Review: https://review.openstack.org/365321

Changed in fuel:
status: New → In Progress
Changed in fuel:
importance: Undecided → High
milestone: none → 9.1
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (master)

Reviewed: https://review.openstack.org/365321
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=a3cd0ea0708e6c532bdcea0ac260c913bddd92f4
Submitter: Jenkins
Branch: master

commit a3cd0ea0708e6c532bdcea0ac260c913bddd92f4
Author: tivaliy <email address hidden>
Date: Sun Sep 4 12:24:23 2016 +0300

    Align create role validate procedure

    Now, in Nailgun, there is a 'weak' create role
    validation procedure that only validates JSON schema.
    Meanwhile, 'volumes_roles_mapping' ids are not validated,
    that allows create roles with wrong 'volumes_roles_mapping'
    metadata. This patch:
      * fixes validate procedure of 'volumes_roles_mapping' ids
        while creating a new role
      * moves validate code for already existed roles from handler
        to validator

    Change-Id: Ib040b9bde0f2a54323a36c8e3c2d01716282cbdc
    Closes-Bug: 1619486
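
The gap between schema-only validation and validating the 'volumes_roles_mapping' ids, shown as an added example that is not Nailgun's code or part of the original report. All function names, the set of release volume ids, the two payloads and the 201 success status are assumptions made for illustration.

```python
class InvalidData(Exception):
    """Payload must be rejected; the API layer turns this into HTTP 400."""

# Constructed sample data: volume ids the target release is assumed to define.
RELEASE_VOLUME_IDS = frozenset({"os", "image", "vm"})

def validate_shape(role):
    """Structure-only check, a hand-written stand-in for JSON-schema validation."""
    if not isinstance(role, dict) or not isinstance(role.get("name"), str):
        raise InvalidData("role must be a mapping with a string 'name'")
    mapping = role.get("volumes_roles_mapping")
    if not isinstance(mapping, list):
        raise InvalidData("'volumes_roles_mapping' must be a list")
    for entry in mapping:
        if not isinstance(entry, dict) or not isinstance(entry.get("id"), str):
            raise InvalidData("every mapping entry needs a string 'id'")

def validate_create_schema_only(role, known_ids):
    """Behaviour reported in the bug: 'blabla' is a well-formed string, so it passes."""
    validate_shape(role)

def validate_create_with_ids(role, known_ids):
    """Shape check plus a referential check of every mapping id against known_ids."""
    validate_shape(role)
    unknown = sorted({e["id"] for e in role["volumes_roles_mapping"]} - set(known_ids))
    if unknown:
        raise InvalidData("unknown volume ids: " + ", ".join(unknown))

def create_role_status(role, validator, known_ids=RELEASE_VOLUME_IDS):
    """Status a handler would return: 400 on rejection, 201 (assumed) on success."""
    try:
        validator(role, known_ids)
    except InvalidData:
        return 400
    return 201

# Constructed payloads modelled on the reproduction steps in the report.
BAD_ROLE = {"name": "invalidvolumes",
            "volumes_roles_mapping": [{"allocate_size": "min", "id": "blabla"}]}
GOOD_ROLE = {"name": "validvolumes",
             "volumes_roles_mapping": [{"allocate_size": "min", "id": "os"}]}

if __name__ == "__main__":
    for role in (GOOD_ROLE, BAD_ROLE):
        print(role["name"],
              create_role_status(role, validate_create_schema_only),
              create_role_status(role, validate_create_with_ids))
```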

Changed in fuel:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-web (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/367983

OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-web (stable/mitaka)

Reviewed: https://review.openstack.org/367983
Committed: https://git.openstack.org/cgit/openstack/fuel-web/commit/?id=deca4979ee36fc3dfe14ff029c325a6e497e50f2
Submitter: Jenkins
Branch: stable/mitaka

commit deca4979ee36fc3dfe14ff029c325a6e497e50f2
Author: tivaliy <email address hidden>
Date: Sun Sep 4 12:24:23 2016 +0300

    Align create role validate procedure

    Now, in Nailgun, there is a 'weak' create role
    validation procedure that only validates JSON schema.
    Meanwhile, 'volumes_roles_mapping' ids are not validated,
    that allows create roles with wrong 'volumes_roles_mapping'
    metadata. This patch:
      * fixes validate procedure of 'volumes_roles_mapping' ids
        while creating a new role
      * moves validate code for already existed roles from handler
        to validator

    Change-Id: Ib040b9bde0f2a54323a36c8e3c2d01716282cbdc
    Closes-Bug: 1619486
    (cherry picked from commit a3cd0ea0708e6c532bdcea0ac260c913bddd92f4)

tags: added: in-stable-mitaka
tags: added: on-verification
TatyanaGladysheva (tgladysheva) wrote :

Verified on 9.1 snapshot #261.

tags: removed: on-verification
Changed in fuel:
status: Fix Committed → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-web 10.0.0rc1

This issue was fixed in the openstack/fuel-web 10.0.0rc1 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-web 10.0.0

This issue was fixed in the openstack/fuel-web 10.0.0 release.
