You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2016/03/04 17:09:40 UTC

[jira] [Commented] (AMBARI-15299) Absent validation of of stack_version id during API request to deeper entities

    [ https://issues.apache.org/jira/browse/AMBARI-15299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15180070#comment-15180070 ] 

Hudson commented on AMBARI-15299:
---------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #4444 (See [https://builds.apache.org/job/Ambari-trunk-Commit/4444/])
AMBARI-15299. Absent validation of of stack_version id during API (dlysnichenko: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=fe0c7ab9976a27a2284b64c71c1a8a5b7283eac6])
* ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RepositoryResourceProvider.java


> Absent validation of of stack_version id during API request to deeper entities
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-15299
>                 URL: https://issues.apache.org/jira/browse/AMBARI-15299
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.4.0
>            Reporter: Dmitry Lysnichenko
>            Assignee: Dmitry Lysnichenko
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-15299.patch
>
>
> Request:
> {code}
> http://server:8080/api/v1/clusters/cl1/stack_versions
> {code}
> returns:
> {code}
> {
> "href" : "http://server:8080/api/v1/clusters/cl1/stack_versions",
> "items" : [
> {
> "href" : "http://server:8080/api/v1/clusters/cl1/stack_versions/1",
> "ClusterStackVersions" : {
> "cluster_name" : "cl1",
> "id" : 1,
> "repository_version" : 1,
> "stack" : "HDP",
> "version" : "2.3"
> }
> }
> ]
> }
> {code}
> But we can sent request to not available stack_versions:
> {code}
> http://server:8080/api/v1/clusters/cl1/stack_versions/34343rfff4/repository_versions/1/operating_systems/debian7/repositories/HDP-2.3
> {code}
> returns:
> {code}
> {
> "href" : "http://server:8080/api/v1/clusters/cl1/stack_versions/34343rfff4/repository_versions/1/operating_systems/debian7/repositories/HDP-2.3",
> "Repositories" : {
> "base_url" : "http://s3.amazonaws.com/hortonworks.com/HDP/debian7/2.x/BUILDS/2.3.4.0-3335",
> "default_base_url" : "",
> "latest_base_url" : "",
> "mirrors_list" : "",
> "os_type" : "debian7",
> "repo_id" : "HDP-2.3",
> "repo_name" : "HDP",
> "repository_version_id" : 1,
> "stack_name" : "HDP",
> "stack_version" : "2.3"
> }
> }
> {code}
> There should be some type of validation of used stack_versio.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)