A PUT or POST sent to placement API without a content-type header will result in a 500, should be a 400

Bug #1623517 reported by Chris Dent
Affects: OpenStack Compute (nova)
Status: Fix Released
Importance: Low
Assigned to: Chris Dent

Bug Description

If, by some twist of fate, a user agent sends a PUT or POST request to the placement API without a content-type header, the service will have an uncaught KeyError exception raised in webob as it tries to parse the body of the request. Tests which thought they were testing for this were not. The webob.dec.wsgify decorator is doing some work before the thing which the test exercises gets involved. So further tests and guards are required to avoid the 500.

Chris Dent (cdent)
tags: added: api placement scheduler
Matt Riedemann (mriedem)
Changed in nova:
status: New → Confirmed
importance: Undecided → Low
Matt Riedemann (mriedem) wrote :
Changed in nova:
assignee: nobody → Chris Dent (cdent)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/370154
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=281a78e0af3819e7de3ed84ddb83ec93ac0cc281
Submitter: Jenkins
Branch: master

commit 281a78e0af3819e7de3ed84ddb83ec93ac0cc281
Author: Chris Dent <email address hidden>
Date: Wed Sep 14 15:18:30 2016 +0100

    [placement] prevent a KeyError in webob.dec.wsgify

    If a PUT, POST or PATCH is sent without a content-type header,
    webob.dec.wsgify will raise a KeyError. Avoid this by checking for
    the content-type header before reaching any wsgify calls. As noted
    in the TODO within, this is not the most elegant solution, but
    prevents an inadvertent 500 and returns a reasonable 400.

    Change-Id: I6e7dffb5dc5f0cdc78a57e8df3ae9952c55163ae
    Closes-Bug: #1623517

Changed in nova:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/nova 14.0.0.0rc1

This issue was fixed in the openstack/nova 14.0.0.0rc1 release candidate.

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to nova (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/447625

OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (master)

Reviewed: https://review.openstack.org/447625
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=6dd047a3307a1056077608fd5bc2d1c3b3285338
Submitter: Jenkins
Branch: master

commit 6dd047a3307a1056077608fd5bc2d1c3b3285338
Author: Chris Dent <email address hidden>
Date: Mon Mar 20 17:46:27 2017 +0000

    [placement] Allow PUT and POST without bodies

    We plan to allow PUT requests to create/update both custom traits
    and custom resource classes, without bodies. Prior to this change,
    the code would not allow a PUT, POST or PATCH to not have a body. This was
    added in I6e7dffb5dc5f0cdc78a57e8df3ae9952c55163ae which was fixing an
    issue with how webob handles exceptions.

    This change does two things:

    * It addresses the problem from bug #1623517, fixed in the change id'd
      above, in a more narrow fashion, making sure the data source that
      causes the KeyError is non-empty right before it is used. This allows
      simplifying the following change.
    * If a request has a content-length (indicating the presence of a body),
      verify that there is also a content-type. If not, raise a 400.

    basic-http.yaml has been changed to modify one gabbi test to check a
    response body is correct and to add another test to confirm that the
    code that is doing the content-length check is passed through.

    Change-Id: Ifb7446fd02ba3e54bbe2676dfd38e5dfecd15f98
    Closes-Bug: #1674392
    Related-Bug: #1623517
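
The content-length guard described in the second commit message, sketched as a stand-alone WSGI middleware. This is an added example, not nova's code: `require_content_type`, `inner_app`, `call` and the `/example` path are hypothetical, and `inner_app` only imitates the KeyError rather than using webob.

```python
import io


def inner_app(environ, start_response):
    """Stand-in handler: imitates the reported KeyError, does not use webob."""
    if environ.get("CONTENT_LENGTH"):
        ctype = environ["CONTENT_TYPE"]  # KeyError when the header was never sent
        environ["wsgi.input"].read(int(environ["CONTENT_LENGTH"]))
    start_response("204 No Content", [])
    return [b""]


def require_content_type(app):
    """Reject a request that announces a body but no content-type with a 400."""
    def guarded(environ, start_response):
        # Assumption: an absent, empty or "0" content-length means "no body".
        has_body = environ.get("CONTENT_LENGTH") not in (None, "", "0")
        if has_body and not environ.get("CONTENT_TYPE"):
            msg = b"content-type header required when content-length is set"
            start_response("400 Bad Request", [("Content-Type", "text/plain"),
                                               ("Content-Length", str(len(msg)))])
            return [msg]
        return app(environ, start_response)
    return guarded


def call(app, method, body=b"", content_type=None):
    """Drive a WSGI app with a constructed environ and return the status code."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/example",
               "wsgi.input": io.BytesIO(body)}
    if body:
        environ["CONTENT_LENGTH"] = str(len(body))
    if content_type:
        environ["CONTENT_TYPE"] = content_type
    seen = []
    try:
        app(environ, lambda status, headers: seen.append(status))
    except KeyError:
        return 500  # an uncaught exception surfaces to the client as a 500
    return int(seen[0].split()[0])


if __name__ == "__main__":
    guarded = require_content_type(inner_app)
    for label, app in (("unguarded", inner_app), ("guarded", guarded)):
        print(label, "PUT with body, no content-type:", call(app, "PUT", b"{}"))
    print("guarded PUT without body:", call(guarded, "PUT"))
```
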
