Public bug reported: As seen with the following curl command, neutron accepts float values for quotas that should require ints. It coverts them to an int, but it should have returned HTTP 400 instead. The conversion it's doing may or may not have the same results in python3 as it does here in python2, so that's another potential concern.
curl -s -X PUT http://localhost:9696/v2.0/quotas/c4d15a1adc0a4cd89006d4db0a2bdfed -H "Accept: application/json" -H "X-Auth-Token: <my_token>" -H "Content-Type: application/json" -d '{"quota": {"floatingip": 2.9}}' | python -m json.tool { "quota": { "floatingip": 2, "network": -1, "port": -1, "rbac_policy": 10, "router": 10, "security_group": 10, "security_group_rule": 100, "subnet": -1, "subnetpool": -1 } } ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1688024 Title: quota API missing input validation Status in neutron: New Bug description: As seen with the following curl command, neutron accepts float values for quotas that should require ints. It coverts them to an int, but it should have returned HTTP 400 instead. The conversion it's doing may or may not have the same results in python3 as it does here in python2, so that's another potential concern. curl -s -X PUT http://localhost:9696/v2.0/quotas/c4d15a1adc0a4cd89006d4db0a2bdfed -H "Accept: application/json" -H "X-Auth-Token: <my_token>" -H "Content-Type: application/json" -d '{"quota": {"floatingip": 2.9}}' | python -m json.tool { "quota": { "floatingip": 2, "network": -1, "port": -1, "rbac_policy": 10, "router": 10, "security_group": 10, "security_group_rule": 100, "subnet": -1, "subnetpool": -1 } } To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1688024/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
