Bug #17343

It is not possible to use empty list as value for optional parameters via API

Added by Stanislav Tkachenko almost 5 years ago. Updated about 3 years ago.

Target version:
Bugzilla link:
Fixed in Releases:
Found in Releases:


Description of problem:
Some entities has optional array parameters that allow nil value. Previously it was possible to send empty list '[]' as value to clear all values, but now according to dLobatog it is not possible because of a new security mechanism in Rails.

Though it affects all the optional parameters, some example entities/parameters are: smart_proxies.locations, location.smart_proxies, organization.smart_proxies, organization.hostgroup_ids.

  1. Update with empty list

Making HTTP PUT request to with options {'verify': False, 'auth': ('admin', 'changeme'), 'headers': {'content-type': 'application/json'}} and data {"organization": {"smart_proxy_ids": []}}.

  1. Response

Received HTTP 200 response:

"smart_proxies":[ {
}, {

Steps to Reproduce:
1. Create entity that has optional array parameters
2. Update that parameter with some value
3. Update that parameter one more time with empty list
4. Check that values from point 2 not changed

Actual results:
When updating with empty list nothing happens, optional parameter has all previous values

Expected results:
All values should be cleared

Related issues

Related to Foreman - Bug #18155: OrganizationsControllerTest empty array test uses invalid data for form encodingClosed2017-01-19

Associated revisions

Revision 27752930 (diff)
Added by Kavita Gaikwad almost 5 years ago

Fixes #17343 - set deep munge config off

deep_munge was introduced as a solution to keep
Rails secure by default which results in
'empty array becomes nil in params'.
Thats why, set deep_munge config off in application.rb.
Also, added changes which will cast param argument to string
while calling find_by_{string_type_attr} method on object.


#1 Updated by Daniel Lobato Garcia almost 5 years ago

The reason seems to be that Rails 4 converts these attributes to 'nil' and are ignored.

2016-11-15T13:57:48 b5024cb3 [app] [D] Value for params[:smart_proxy][:locations] was set to nil, because it was one of [], [null] or [null, null, ...]. Go to for more information.

Then when I check smart_proxy_params on the update action, it's gone.

#2 Updated by Marek Hulán almost 5 years ago

  • Bugzilla link set to 1395229

#3 Updated by Kavita Gaikwad almost 5 years ago

  • Assignee set to Kavita Gaikwad
  • Target version set to 1.15.6

#4 Updated by Swapnil Abnave almost 5 years ago

  • Target version changed from 1.15.6 to 1.15.1

#5 Updated by The Foreman Bot almost 5 years ago

  • Status changed from New to Ready For Testing
  • Pull request added

#6 Updated by Kavita Gaikwad almost 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#7 Updated by Dominic Cleal almost 5 years ago

  • Legacy Backlogs Release (now unused) set to 189

#8 Updated by Dominic Cleal over 4 years ago

  • Related to Bug #18155: OrganizationsControllerTest empty array test uses invalid data for form encoding added

Also available in: Atom PDF