db column uuid validation is missing

Bug #1439022 reported by Kanagaraj Manickam
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
Triaged
Low
Kanagaraj Manickam

Bug Description

In heat, some of the columns in different tables are using the UUID as the format of the column, but there is no validation exist for these column's value.

So this bug is filed to add new sql alchemy type called UUID and use it in all the places, where those columns are made to hold uuid values

Changed in heat:
assignee: nobody → Kanagaraj Manickam (kanagaraj-manickam)
Revision history for this message
Angus Salkeld (asalkeld) wrote :

I really don't think we need to validate the uuid, when this is only added by str(uuid.uuid4()).
It's not like it's user inserted.

Why do we need this?

Revision history for this message
Kanagaraj Manickam (kanagaraj-manickam) wrote :

in all models where the id is treated as uuid, default values are set with uuid.uuid4(), but other places, which are not like engine_id used in Resource and other models, those are the places where forgien key constrains are not defined, Stack_id in SYncPoint is another example.

Even in model ids, there is no validation done on the value being stored, so programmatic ally if developer stores non-uuid format with 36 lenght string, still, model will allow to store it. and will lead to defective scenario.

as part of this defect all the models column who type is of UUID should be updated and test cases to be take care accordingly, I believe.

Intention is to make sure the uuid columns are in UUID format irrespective of whether its id column, foreign-key column or some other loosely coupled column, as mentioned above.

Revision history for this message
Angus Salkeld (asalkeld) wrote :

@kanagaraj-manickam it seems low value to me (in comparison to the other things we need to do).

Angus Salkeld (asalkeld)
Changed in heat:
importance: Undecided → Low
Changed in heat:
status: New → Triaged
Rico Lin (rico-lin)
Changed in heat:
milestone: none → no-priority-tag-bugs
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.