Should not be able to create/update an action via the API

Bug #1533281 reported by Vincent Françoise on 2016-01-12
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
watcher
Medium
Vincent Françoise

Bug Description

As of now the POST and PATCH method are supported on the /actions endpoint even though it shouldn't.

So we should remove them from the exposed actions as actions should only be modified internally.

Tags: api Edit Tag help
Changed in watcher:
importance: Undecided → Medium
milestone: none → mitaka-3
Changed in watcher:
assignee: nobody → Vincent Françoise (vincent-francoise)

Fix proposed to branch: master
Review: https://review.openstack.org/281873

Changed in watcher:
status: Confirmed → In Progress
Download full text (3.4 KiB)

Copy & paste from review discussion to help people understand the problem:

===========================================================

Hi Edwin,

The reason behind removing these actions is because an action plan is atomic.
The only way for us to be able to delete actions should be when we delete the
action plan these actions relate to.

Actions are chained one to another by the planner so we know the order of
execution. The action plan only references the first action UUID it has to
execute and the latter knows about the next one and so on and so forth.
Therefore, if an administrator is given the ability to delete one of them,
this may probably invalidate the whole action plan because it would break the
chaining that had been made by the planner.

IMHO, removing these verbs is the simplest way for us to ensure the integrity
of our action prior to execution. Another approach would be to actually enforce
the the re-chaining of the other related actions whenever we delete one (e.g.
we have 1->2->3->4 and we delete '3' so we re-chain it as 1->2->4). But the
problem with that second option is that whenever we will move on to use a graph
representation instead of a simple list (blueprint action-plan-flow-storage),
the question will get much more complex and that would definitely require a BP
of its own.

So we have these 2 options (you may have some other?), I think that it makes
more sense to first secure the integrity of the action plan using the 1st
option and then propose a blueprint that would follow the introduction of a
graph-shaped action plan that would tackle the following questions:

- In what way should we be able to alter an action plan after it has been
  issued?
- What are the mechanisms we would have put in place to rebuild the flow of
  actions after it got updated?

  * What rules are we setting to apply to re-map an action that does not have
    a parent anymore but still has some children actions attached to it?
  * Should we then submit the new version of the action flow to the planner?

That being said, you may have some use cases that require the alteration of an
action plan which would then justify going another direction. If so, I would be
happy to hear about it.

So thanks for your comment! It makes a lot of sense and actually gives an
opportunity to lay down the problem.
All this being said, what are your thoughts? Do you think we still need to lay
things down into a BP? And if so, do you think we need a spec for it?
Edwin Zhai
Feb 22 3:19 PM

Patch Set 1:

    Hi Edwin,That being said, you may have some use cases that require the
    alteration of an
    action plan which would then justify going another direction. If
    so, I would be
    happy to hear about it.

One possible user case in my head is that expert user could change suggested action flow by add/remove/modify single action.

    So thanks for your comment! It makes a lot of sense and actually
    gives an
    opportunity to lay down the problem.
    All this being said, what are your thoughts? Do you think we still
    need to lay
    things down into a BP? And if so, do you think we need a spec for
    it?

Need a BP if we decide to remove these action...

Read more...

Changed in watcher:
milestone: mitaka-3 → mitaka-rc-1
Changed in watcher:
milestone: mitaka-rc-1 → mitaka-rc-final

Reviewed: https://review.openstack.org/281873
Committed: https://git.openstack.org/cgit/openstack/watcher/commit/?id=22c9c4df877b5fabcdf74bb80e61d24d06700dcc
Submitter: Jenkins
Branch: master

commit 22c9c4df877b5fabcdf74bb80e61d24d06700dcc
Author: Vincent Françoise <email address hidden>
Date: Thu Feb 18 14:48:49 2016 +0100

    Disabled PATCH, POST and DELETE for /actions

    I removed the POST, PATCH and DELETE verbs from the actions
    controller as they should only be modified internally.

    Change-Id: Ia72484249240f829423056f66c5c0f9632d02106
    Closes-Bug: #1533281

Changed in watcher:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers