Volume create schema validation not allowing extra params prior to enforcing microversion

Bug #1786054 reported by Sean McGinnis
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Sean McGinnis

Bug Description

Microversion 3.53 added schema validation to the volume create call to enforce that extra parameters would not be allowed. Reports that horizon is seeing this enforcement happening prior to the microversion that enables this enforcement.

http://lists.openstack.org/pipermail/openstack-dev/2018-August/132977.html

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/589935

Changed in cinder:
assignee: nobody → Sean McGinnis (sean-mcginnis)
status: New → In Progress
Revision history for this message
Sean McGinnis (sean-mcginnis) wrote :

This doesn't appear to be valid. The unit tests being added in 589935 should have been able to reproduce the issue, but they pass with no other modifications.

Since that didn't work, I tried reproducing this against a running system using curl. With no version specified (defaulting to the base 3.0 microversion) creation succeeded:

curl -g -i -X POST http://192.168.1.234/volume/v3/95ae21ce92a34b3c92601f3304ea0a46/volumes -H "Accept: "Content-Type: application/json" -H "User-Agent: python-cinderclient" -H "X-Auth-Token: $OS_TOKEN" -d '{"volume": {"backup_id": null, "description": null, "multiattach": false, "source_volid": null, "consistencygroup_id": null, "snapshot_id": null, "size": 1, "name": "New", "imageRef": null, "availability_zone": null, "volume_type": null, "metadata": {}, "project_id": "testing", "junk": "garbage"}}'

I then tried specifying the microversion that introduces the strict schema checking to make sure I was able to get the appropriate failure, which worked as expected:

curl -g -i -X POST http://192.168.1.234/volume/v3/95ae21ce92a34b3c92601f3304ea0a46/volumes -H "Accept: "Content-Type: application/json" -H "User-Agent: python-cinderclient" -H "X-Auth-Token: $OS_TOKEN" -d '{"volume": {"backup_id": null, "description": null, "multiattach": false, "source_volid": null, "consistencygroup_id": null, "snapshot_id": null, "size": 1, "name": "New-mv353", "imageRef": null, "availability_zone": null, "volume_type": null, "metadata": {}, "project_id": "testing", "junk": "garbage"}}' -H "OpenStack-API-Version: volume 3.53"
HTTP/1.1 400 Bad Request
...

And to test boundary conditions, I then specified the microversion just prior to the one that enabled strict checking:

curl -g -i -X POST http://192.168.1.234/volume/v3/95ae21ce92a34b3c92601f3304ea0a46/volumes -H "Ac "Content-Type: application/json" -H "User-Agent: python-cinderclient" -H "X-Auth-Token: $OS_TOKEN" -d '{"volume": {"backup_id": null, "description": null, "multiattach": false, "source_volid": null, "consistencygroup_id": null, "snapshot_id": null, "size": 1, "name": "New-mv352", "imageRef": null, "availability_zone": null, "volume_type": null, "metadata": {}, "project_id": "testing", "junk": "garbage"}}' -H "OpenStack-API-Version: volume 3.52"
HTTP/1.1 202 Accepted

In all cases except the strict checking one, the volume was created successfully even though the junk extra parameters ("project_id": "testing", "junk": "garbage") were provided.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/590014

Jay Bryant (jsbryant)
Changed in cinder:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/590014
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=f41751cb04dc934c79ef7090aad23b807a7d9bbc
Submitter: Zuul
Branch: master

commit f41751cb04dc934c79ef7090aad23b807a7d9bbc
Author: Sean McGinnis <email address hidden>
Date: Wed Aug 8 14:34:22 2018 -0500

    Allow extra parameters in volume_type_encryption

    Change I6488cc89e60a31605ddf80c7aa56ddf4871d3c1a added schema validation
    for volume type encryption, but it locked things down in a non-backwards
    compatible way by not allowing extra parameters. This has caused
    problems for at least Horizon. If we are going change this to not be
    backwards compatible it should include a microversion bump and moving
    the endpoint out of contrib to a standard endpoint.

    To keep some schema validation at least, this just allows extra
    parameters so existing API consumers should be unaffected. We can
    address locking things down better in a future release when we have time
    to do it right.

    Closes-bug: #1783467
    Closes-bug: #1786054

    Change-Id: I45c254eca69471509e7ae4c957df51282e2d1776
    Signed-off-by: Sean McGinnis <email address hidden>

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 13.0.0.0rc1

This issue was fixed in the openstack/cinder 13.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/589935
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=3a5f83be2d3be7f2a56d874f6260dfc7ff28f1ee
Submitter: Zuul
Branch: master

commit 3a5f83be2d3be7f2a56d874f6260dfc7ff28f1ee
Author: Sean McGinnis <email address hidden>
Date: Wed Aug 8 09:50:08 2018 -0500

    Add volume create schema enforcement unit tests

    This increases test coverage with the volume create call to verify calls
    using microversions < 3.53 allow extra parameters to be passed and calls
    starting with microversion 3.53 will raise a schema validation error for
    unexpected values.

    Partial-bug: #1786054

    Change-Id: Ib532eb9d4fe0bd597724b734d2e8a7c6daf7c4f1
    Signed-off-by: Sean McGinnis <email address hidden>

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.