Lock, migrate, and unshelve server actions don't enforce request body schema for certain microversions
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Won't Fix | Undecided | Jorge San Emeterio |
Bug Description
Description
===========
Basically $summary. For lock, migrate, and unshelve, we have decorators for validation schema that _start_ at a certain microversion (exact microversion varies), meaning anything below that is not checked. A client could send a request that is only valid in a higher microversion, omit sending a microversion (probably by mistake), and be surprised when the request is accepted but not honoured.
Steps to reproduce
==================
1. Send a request with random stuff in the body
ex:
curl -g -i -X POST http://
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: python-novaclient" \
-H "X-Auth-Token: <snip>" \
-H "X-OpenStack-
-d '{"lock": {"foo": "bar"}}'
OR
-d '{"migrate": {"foo": "bar"}}'
OR
-d '{"unshelve": {"foo": "bar"}}'
Expected result
===============
400 Bad Request (or similar)
Actual result
=============
HTTP/1.1 202 Accepted
Environment
===========
Reproduced on master with devstack+kvm. Originally reported on wallaby https:/
Additional info
===============
I (manually, so there could be errors) went through the code, and those are the only 3 instances of this that I found. Every other API controller method correctly validates its request body across the entire range of the microversions where it's supported.
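The gap described in this report, as an added Python illustration that is not nova's code and not part of the original report: a schema decorator that only starts at some microversion lets older requests through unchecked, and a second schema for the lower range closes it. The names `schema`, `lock_gapped`, `lock_covered`, `status` and `first_gap` are hypothetical, the 2.50 threshold is constructed, and `first_gap` is an audit helper that reports the lowest microversion reaching a handler without validation.

```python
# Simplified stand-in for a version-ranged schema decorator; not nova's code.
import functools

class BadRequest(Exception): pass  # stands in for an HTTP 400 response

def parse(version):
    return tuple(int(part) for part in version.split("."))
def schema(allowed_keys, min_version="2.1", max_version=None):
    """Check the action body only when the request microversion is in range."""
    lo, hi = parse(min_version), (parse(max_version) if max_version else None)
    def decorator(func):
        @functools.wraps(func)
        def wrapper(version, body):
            ver = parse(version)
            if ver >= lo and (hi is None or ver <= hi):
                for action, args in body.items():
                    extra = set(args or {}) - set(allowed_keys)
                    if extra:
                        raise BadRequest(f"{action}: unexpected {sorted(extra)}")
            return func(version, body)
        wrapper.ranges = getattr(func, "ranges", []) + [(lo, hi)]
        return wrapper
    return decorator

# Gapped: validation starts at 2.50 (constructed threshold), nothing below it.
@schema({"locked_reason"}, min_version="2.50")
def lock_gapped(version, body):
    return 202
# Covered: a second schema rejects unknown keys for the older microversions.
@schema({"locked_reason"}, min_version="2.50")
@schema(set(), min_version="2.1", max_version="2.49")
def lock_covered(version, body):
    return 202
def status(handler, version, body):
    try:
        return handler(version, body)
    except BadRequest:
        return 400

def first_gap(handler, supported_min="2.1"):
    """Lowest microversion that reaches the handler unvalidated, or None."""
    expected = parse(supported_min)
    for lo, hi in sorted(handler.ranges, key=lambda r: r[0]):
        if lo > expected:
            return "%d.%d" % expected
        if hi is None:
            return None
        expected = max(expected, (hi[0], hi[1] + 1))
    return "%d.%d" % expected
```

Running `first_gap` over every controller action in a test suite turns the manual review described above into a repeatable check.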
summary:
- Lock, migrate, and shelve server actions don't enforce request body
+ Lock, migrate, and unshelve server actions don't enforce request body
  schema for certain microversions
Changed in nova:
assignee: nobody → Jorge San Emeterio (jsanemet)
status: Confirmed → In Progress
Changed in nova:
status: In Progress → Fix Committed
Bug verified, minimum API version not set. --> set it to confirmed.