Project

General

Profile

Actions

Bug #29420

open

POST /api/hosts/:id should not accept capabilities

Added by Evgeni Golov about 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
API
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

creating/updating a host currently accepts a string "capabilities" (see https://github.com/theforeman/foreman/blob/40fab71c99f8bf3195e59af08524233c6e2cf7af/app/controllers/api/v2/hosts_controller.rb#L109), but to my understanding capabilities is really a list of available provisioning methods, so while it's useful to have it in the show output of the entity, there is no point in allowing the API to allow it.

trying to set it to some random string fails anyways.

2020-03-26T13:26:48 [I|app|d07891aa] Started PUT "/api/hosts/2" for 192.168.122.1 at 2020-03-26 13:26:48 +0000
2020-03-26T13:26:48 [I|app|d07891aa] Processing by Api::V2::HostsController#update as JSON
2020-03-26T13:26:48 [I|app|d07891aa]   Parameters: {"host"=>{"capabilities"=>"lolwhat"}, "apiv"=>"v2", "id"=>"2"}
2020-03-26T13:26:48 [W|app|d07891aa] Action failed
2020-03-26T13:26:48 [I|app|d07891aa]   Rendering api/v2/errors/custom_error.json.rabl within api/v2/layouts/error_layout
2020-03-26T13:26:48 [I|app|d07891aa]   Rendered api/v2/errors/custom_error.json.rabl within api/v2/layouts/error_layout (1.1ms)
2020-03-26T13:26:48 [I|app|d07891aa] Completed 500 Internal Server Error in 38ms (Views: 4.6ms | ActiveRecord: 4.1ms)

it's also not exposed in the WebUI or hammer at all

No data to display

Actions

Also available in: Atom PDF