Open Stack

This looks like a good place to add a test to tempest to tickle the same 
behavior that horizon is driving.

I expect this is another issue where we are expecting MySQL type 
coersion for the db, and something that will be exposed on the 
Postgresql Tempest run upstream. We have a standard pattern of fixing 
those in nova once we've got a test to demonstrate it.

Longer term we really need to be doing more front side validation, 
perhaps the new v3 framework will let us get there more easily.

	-Sean

On 07/14/2013 11:27 PM, Gabriel Hurley wrote:
> I responded on the ticket as well, but here’s my take:
>
> An error like this should absolutely be caught before it raises a
> database error. A useful, human-friendly error message should be
> returned via the API. Any uncaught exception is a bug. On the other side
> of the equation, anything using the API (such as Horizon) should do its
> best to pre-validate the input, but if invalid input **is** sent it
> should be handled well. The best way to let Horizon devs know what the
> problem is is for the API to return an intelligent failure.
>
> All the best,
>
> -Gabriel
>
> *From:*Dirk Müller [mailto:dirk at dmllr.de]
> *Sent:* Sunday, July 14, 2013 5:20 PM
> *To:* OpenStack Development Mailing List
> *Subject:* Re: [openstack-dev] [Nova][Horizon] Is there precedent for
> validating user input on data types to APIs?
>
> Hi Matt,
>
> Given that the Nova API is public, this needs to be validated in the
> API, otherwise the security guys are unhappy.
>
> Of course the API shouldn't get bad data in the first place. That's a
> bug in nova client. I have sent reviews for both code fixes but I've not
> seen any serious reaction or approval on those for two weeks. Eventually
> somebody is going to look at it, I guess.
>
> Greetings,
> Dirk
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>


-- 
Sean Dague
http://dague.net