Cinder

No validation for the metadata properties

Bug #1593588 reported by xiexs on 2016-06-17

This bug report is a duplicate of: Bug #1592331: volume update API misses metadata checking. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Cinder	Fix Released	Undecided	xiexs

Bug Description

The following error will be raised while creating/updating a volume with metadata properties in which there are some long keys/values(more than 255).
{
    "computeFault": {
        "code": 500,
        "message": "The server has either erred or is incapable of performing the requested operation."
    }
}

It is easy to be reproduced:

curl -X PUT -H "X-Auth-Token: xxxxx" "http://xxxx:8776/v2/xxxxxx/volumes/xxxxxxx" -H 'Content-type: application/json' -d "{
\"volume\": {
\"name\": \"updated_name\",
\"description\": \"updated_description\",
\"metadata\": {\"key2\":\"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\"}
}
}

The following APIs also have same issue:
- /backups API
- /types API

See original description

xiexs (xiexs) on 2016-06-17

Changed in cinder:
assignee:	nobody → xiexs (xiexs)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-17: Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/330913

Changed in cinder:
status:	New → In Progress

Revision history for this message

xiexs (xiexs) wrote on 2016-06-23:

This bug is also hit by the creation of volume type with invalid extra_specs.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-23:

Fix proposed to branch: master
Review: https://review.openstack.org/333323

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-27:

Fix proposed to branch: master
Review: https://review.openstack.org/334554

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-28: Fix merged to cinder (master)

Reviewed: https://review.openstack.org/333323
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=d5f1720e028e702fb77f595959341787c339abe0
Submitter: Jenkins
Branch: master

commit d5f1720e028e702fb77f595959341787c339abe0
Author: xiexs <email address hidden>
Date: Thu Jun 23 10:31:12 2016 -0400

Add validation for type extra_specs

    There is no checking for type extra_specs by
    the volume type creation API /v2/types, so that
    a 500 error will be encountered when invalid
    extra_specs specified.
    This patch tries to add a validating logic for it
    by using utils.validate_extra_specs().

Change-Id: Idda9a3e69b43f71d866de70df72f9d12e5f2f1c9
Closes-Bug: #1593588

Changed in cinder:
status:	In Progress → Fix Released

xiexs (xiexs) on 2016-06-28

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-06-29:

Reviewed: https://review.openstack.org/334554
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=b77f388e53cc5a4bb061a46a5e0210528a42c940
Submitter: Jenkins
Branch: master

commit b77f388e53cc5a4bb061a46a5e0210528a42c940
Author: xiexs <email address hidden>
Date: Mon Jun 27 13:58:05 2016 -0400

Add validation for container name

    There is no checking for container name so that
    the API /backups will raise a 500 error when
    the container name is more than 255 characters
    specified.

Change-Id: I9fa0c27e7739eeaad73ab3f05aa95ae9235b1425
Partial-Bug: #1593588

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-07-14: Fix included in openstack/cinder 9.0.0.0b2

This issue was fixed in the openstack/cinder 9.0.0.0b2 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-04: Fix merged to cinder (master)

Reviewed: https://review.openstack.org/340727
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=a940f1748a0543c46efc7f305810fbd7a4f5ef11
Submitter: Jenkins
Branch: master

commit a940f1748a0543c46efc7f305810fbd7a4f5ef11
Author: lg.yue <email address hidden>
Date: Mon Aug 1 11:08:17 2016 +0800

Add metadata length check to volume-manage

    api os-volume-manage allows user to create volume with metadata,
    but it does not do metadata length limit. This patch does length
    check in advance

    Change-Id: I09b0d2b692af8fade5ffff16c1cc61655fb700e5
    Closes-Bug: 1602086
    Partial-Bug: 1593588

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-29:

Reviewed: https://review.openstack.org/330913
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=86f645a05f177dc16e505cdf8101aaf71c95c7c4
Submitter: Jenkins
Branch: master

commit 86f645a05f177dc16e505cdf8101aaf71c95c7c4
Author: xiexs <email address hidden>
Date: Thu Jun 23 04:13:50 2016 -0400

Add validation for the metadata properties

    Besides /volume_metadata API, the volume metadata can also
    be controlled(i.e. create/update) by /volumes along with
    name and description. But there is no validation for
    /volumes API, so that 500 error will be encountered
    while invalid metadata specified.

This patch adds validation logic for it and meanwhile
some test cases as well.

Co-Authored-By: wanghao <email address hidden>

    Change-Id: I1c621c3d33403b197e0b8e99493ef9817d35d8b9
    Closes-Bug: #1593588
    Closes-Bug: #1592331

Revision history for this message

Thierry Carrez (ttx) wrote on 2016-09-02: Fix included in openstack/cinder 9.0.0.0b3

#10

This issue was fixed in the openstack/cinder 9.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1592331 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.