Glance

Returns 500 if a body is included where not expected

Bug #1475647 reported by Niall Bunting
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
Medium
Niall Bunting

Bug Description

Overview:
If a user attaches a body to a HTTP message, where the API does not expect there to be a body the server returns a 500. This therefore affects a large part of the API.

Steps to reproduce (One example):
(1) The curl command, which includes a body:
curl -v -X GET http://16.49.137.85:9292/v2/images/5619cf1f-5c43-4a1d-a90b-aa7354e453e7 -H "X-Auth-Token: 3ee83196ecbb4a559b945ac849c1520e" -d '[]'

(2) Sends the following:
GET http://16.49.137.85:9292/v2/images/5619cf1f-5c43-4a1d-a90b-aa7354e453e7 HTTP/1.1.
User-Agent: curl/7.35.0.
Host: 16.49.137.85:9292.
Accept: */*.
Proxy-Connection: Keep-Alive.
X-Auth-Token: 3ee83196ecbb4a559b945ac849c1520e.
Content-Length: 2.
Content-Type: application/x-www-form-urlencoded.
.
[]

Actual:
The response in a 500 error.

Expected:
It may be nice if it caught the fact that a body was not expected and returned a error early, to stop the whole body being uploaded. I would like some input into what people think the expected behavior should be?

See original description
Niall Bunting (niall-bunting)
Changed in glance:
assignee: nobody → Niall Bunting (niall-bunting)
Niall Bunting (niall-bunting)
description: updated
summary: - Get image API returns 500 if a body is included
+ Returns 500 if a body is included where not expected
description: updated
description: updated
OpenStack Infra (hudson-openstack)
Changed in glance:
status: New → In Progress
Revision history for this message
Niall Bunting (niall-bunting) wrote :

Review https://review.openstack.org/207150

Brian Rosmaita (brian-rosmaita)
Changed in glance:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/207150
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=9b430f99518e10ae263bedec3062408af332068c
Submitter: Jenkins
Branch: master

commit 9b430f99518e10ae263bedec3062408af332068c
Author: Niall Bunting <email address hidden>
Date: Tue Jul 28 15:05:10 2015 +0000

    Add functionality to define requests without body

    This allows functions that do not accept bodies to define this in the
    router file. As currently many requests will cause a 500 if a body is
    supplied when the API request does not expect it.

    This currently only affects the core parts of the v2 api, that is,
    calls to v2/images and v2/schemas. It does not cover the "tasks" API
    or the metadefs api as I was keeping this patch concise. As this
    does not affect the behaviour if not included this makes no change to
    the metadefs api behaviour.

    DocImpact

    Partial-Bug: 1475647

    Change-Id: Ieb510e5516128078d40d39fd9b4f339ce64e10e7

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/283190
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=a22f0744a5e89e653de9772e9b2b3aaa10c74f64
Submitter: Jenkins
Branch: master

commit a22f0744a5e89e653de9772e9b2b3aaa10c74f64
Author: Niall Bunting <email address hidden>
Date: Mon Feb 22 17:13:06 2016 +0000

    Reject bodies for metadef commands

    The inital commit missed the metadef commands. This now adds them in
    using http://developer.openstack.org/api-ref-image-v2.html as the source
    for this information.

    Closes-Bug: 1475647

    Change-Id: I764e09d9d0e3f2dd2d815b9eca2212075598303c

Changed in glance:
status: In Progress → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/glance 12.0.0.0rc1

This issue was fixed in the openstack/glance 12.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.