Public bug reported:
Glance api supports sorting only by 'name', 'status', 'container_format',
'disk_format', 'size', 'id', 'created_at', 'updated_at'
But now it's possible to make sorting by private fields like checksum or
min_ram (/images?sort_key=checksum), that violates api.
It's possible because there is no key validation on the api layer in v2.
There is a check on the db in pagination, but it covers all the fields (not
only api), which causes a problem.
** Affects: glance
Importance: Undecided
Assignee: Mike Fedosin (mfedosin)
Status: In Progress
** Changed in: glance
Assignee: (unassigned) => Mike Fedosin (mfedosin)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1400366
Title:
Glance allows to sort images by private fields
Status in OpenStack Image Registry and Delivery Service (Glance):
In Progress
Bug description:
Glance api supports sorting only by 'name', 'status', 'container_format',
'disk_format', 'size', 'id', 'created_at', 'updated_at'
But now it's possible to make sorting by private fields like checksum or
min_ram (/images?sort_key=checksum), that violates api.
It's possible because there is no key validation on the api layer in v2.
There is a check on the db in pagination, but it covers all the fields (not
only api), which causes a problem.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1400366/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
