OpenStack Compute (nova)

no validation for security groups in create server of v3 api

Bug #1208746 reported by Ivan-Zhu on 2013-08-06

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	High	Christopher Yeoh	OpenStack Compute (nova) 2013.2 "havana"

Bug Description

when I port negative tempest test into v3, this test cann't pass against v3 api. I think it failed because the security_groups extension has not been implemented.

     @attr(type=['negative', 'gate'])
    def test_create_with_nonexistent_security_group(self):
        # Create a server with a nonexistent security group

        security_groups = [{'name': 'does_not_exist'}]
        self.assertRaises(exceptions.BadRequest,
                          self.create_server,
                          security_groups=security_groups)

the following is the log:

FAIL: tempest.api.compute.servers.v3.test_servers_negative.ServersNegativeV3TestJSON.test_create_with_nonexistent_security_group[gate,negative]
----------------------------------------------------------------------
_StringException: Traceback (most recent call last):
  File "/opt/stack/tempest/tempest/api/compute/servers/v3/test_servers_negative.py", line 249, in test_create_with_nonexistent_security_group
    security_groups=security_groups)
  File "/opt/stack/tempest/.venv/local/lib/python2.7/site-packages/testtools/testcase.py", line 394, in assertRaises
    self.assertThat(our_callable, matcher)
  File "/opt/stack/tempest/.venv/local/lib/python2.7/site-packages/testtools/testcase.py", line 417, in assertThat
    raise MismatchError(matchee, matcher, mismatch, verbose)
MismatchError: <bound method type.create_server of <class 'tempest.api.compute.servers.v3.test_servers_negative.ServersNegativeV3TestJSON'>> returned ({'status': '202', 'content-length': '345', 'x-compute-request-id': 'req-0251d6a1-38e0-4249-8ee2-459fb09fa0a0', 'location': 'http://192.168.1.101:8774/v3/servers/c5738f95-11ad-42d0-b91d-bbb248c834ec', 'date': 'Tue, 06 Aug 2013 09:03:29 GMT', 'content-type': 'application/json'}, {u'links': [{u'href': u'http://192.168.1.101:8774/v3/servers/c5738f95-11ad-42d0-b91d-bbb248c834ec', u'rel': u'self'}, {u'href': u'http://192.168.1.101:8774/servers/c5738f95-11ad-42d0-b91d-bbb248c834ec', u'rel': u'bookmark'}], u'id': u'c5738f95-11ad-42d0-b91d-bbb248c834ec', u'security_groups': [{u'name': u'default'}], u'adminPass': u'cBR2Y9tt3nhr'})

-------------------- >> begin captured logging << --------------------
tempest.common.rest_client: INFO: Request: POST http://192.168.1.101:8774/v3/servers
tempest.common.rest_client: DEBUG: Request Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<Token omitted>'}
tempest.common.rest_client: DEBUG: Request Body: {"server": {"security_groups": [{"name": "does_not_exist"}], "flavorRef": 42, "name": "ServersNegativeV3TestJSON-instance24887116", "imageRef": "cade0819-2939-484b-a52f-600d039aefc1"}}
tempest.common.rest_client: INFO: Response Status: 202
tempest.common.rest_client: DEBUG: Response Headers: {'content-length': '345', 'location': 'http://192.168.1.101:8774/v3/servers/c5738f95-11ad-42d0-b91d-bbb248c834ec', 'date': 'Tue, 06 Aug 2013 09:03:29 GMT', 'x-compute-request-id': 'req-0251d6a1-38e0-4249-8ee2-459fb09fa0a0', 'content-type': 'application/json'}
tempest.common.rest_client: DEBUG: Response Body: {"server": {"security_groups": [{"name": "default"}], "id": "c5738f95-11ad-42d0-b91d-bbb248c834ec", "links": [{"href": "http://192.168.1.101:8774/v3/servers/c5738f95-11ad-42d0-b91d-bbb248c834ec", "rel": "self"}, {"href": "http://192.168.1.101:8774/servers/c5738f95-11ad-42d0-b91d-bbb248c834ec", "rel": "bookmark"}], "adminPass": "cBR2Y9tt3nhr"}}
--------------------- >> end captured logging << ---------------------

Ivan-Zhu (ivan-zhu) on 2013-08-07

Changed in nova:
assignee:	nobody → Christopher Yeoh (cyeoh-0)

Revision history for this message

Christopher Yeoh (cyeoh-0) wrote on 2013-08-07:

Looks like we have to port a bit more security groups to handle the server creation path

Changed in nova:
status:	New → Confirmed
importance:	Undecided → Critical
milestone:	none → havana-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-08-07: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/40608

Changed in nova:
status:	Confirmed → In Progress

Joe Gordon (jogo) on 2013-08-28

Changed in nova:
importance:	Critical → High

Revision history for this message

Joe Gordon (jogo) wrote on 2013-08-28:

changing this to not critical because V3 will only be experimental in Havana.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-08-29: Fix merged to nova (master)

Reviewed: https://review.openstack.org/40608
Committed: http://github.com/openstack/nova/commit/15b1f6b6e03c5c89b4c16297b2103d67a8cae10c
Submitter: Jenkins
Branch: master

commit 15b1f6b6e03c5c89b4c16297b2103d67a8cae10c
Author: Chris Yeoh <email address hidden>
Date: Wed Aug 7 21:57:33 2013 +0930

Adds support for security_groups for V3 API server create

    Adds support for specifying the security group during the V3 API
    server create to the security groups extensions. This was
    accidentally missed during the initial port. Adds the
    corresponding XML deserialization and unittests.

Partially implements blueprint nova-v3-api
Fixes bug #1208746

Change-Id: Ie9d9e03ae20357212b0f270d97a19a0d0f9b0557

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-09-05

Changed in nova:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in nova:
milestone:	havana-3 → 2013.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.