Skip to content

fix(rest-api): OS imageUrl/imageSha are immutable on update and change attempt should fail (release 2.0)#3484

Open
pbreton wants to merge 4 commits into
NVIDIA:release/v2.0from
pbreton:fix/api-spec-sha-should-be-immutable-v2.0
Open

fix(rest-api): OS imageUrl/imageSha are immutable on update and change attempt should fail (release 2.0)#3484
pbreton wants to merge 4 commits into
NVIDIA:release/v2.0from
pbreton:fix/api-spec-sha-should-be-immutable-v2.0

Conversation

@pbreton

@pbreton pbreton commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

The operating-system PATCH validation advertised imageUrl/imageSha as patchable and forced them to be sent together, but site sync forwards those to Core's UpdateOsImage, which rejects any change to source_url/digest as read-only ("os_image update read-only attributes changed"). Callers who only wanted to rotate an image auth token were also blocked, since imageAuthToken could not be sent without imageUrl.

Align the API layer with the immutable-image design: reject changes to imageUrl/imageSha up front with a clear 400 (re-sending the current value stays a no-op), and allow imageAuthType/imageAuthToken to be updated on image-based OS without re-sending imageUrl/imageSha. Update the OpenAPI descriptions and the model/handler tests to match.

Related issues

Cherry-picked from main (#3294)

pbreton added 4 commits July 13, 2026 21:21
The operating-system PATCH validation advertised imageUrl/imageSha as
patchable and forced them to be sent together, but site sync forwards
those to Core's UpdateOsImage, which rejects any change to
source_url/digest as read-only ("os_image update read-only attributes
changed"). Callers who only wanted to rotate an image auth token were
also blocked, since imageAuthToken could not be sent without imageUrl.

Align the API layer with the immutable-image design: reject changes to
imageUrl/imageSha up front with a clear 400 (re-sending the current
value stays a no-op), and allow imageAuthType/imageAuthToken to be
updated on image-based OS without re-sending imageUrl/imageSha. Update
the OpenAPI descriptions and the model/handler tests to match.

Signed-off-by: Patrice Breton <pbreton@nvidia.com>
Signed-off-by: Patrice Breton <pbreton@nvidia.com>
Move the non-image imageURL rejection into the early OS-type guard so it
covers both iPXE and templated-iPXE OS, and drop the duplicate
imageURL Nil rule from the non-image ValidateStruct block. Update the
second OperatingSystemUpdateRequest OpenAPI example to omit the
immutable imageUrl/imageSha, showing a mutable-only image OS update.

Signed-off-by: Patrice Breton <pbreton@nvidia.com>
Signed-off-by: Patrice Breton <pbreton@nvidia.com>
@pbreton pbreton requested a review from a team July 14, 2026 16:03
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2e2813c2-e44d-4330-8627-91f092bd5db0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@github-actions

Copy link
Copy Markdown

@github-actions

Copy link
Copy Markdown

🔐 TruffleHog Secret Scan

No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

🕐 Last updated: 2026-07-14 16:07:15 UTC | Commit: ff88f83

@github-actions

github-actions Bot commented Jul 14, 2026

Copy link
Copy Markdown

🔍 Container Scan Summary

Service Total Critical High Medium Low Other
boot-artifacts-aarch64 3 0 0 3 0 0
boot-artifacts-x86_64 3 0 0 3 0 0
forge-admin-cli-x86_64 259 13 30 78 7 131
machine-validation-runner 807 40 234 288 36 209
machine_validation 807 40 234 288 36 209
machine_validation-aarch64 807 40 234 288 36 209
nvmetal-carbide 807 40 234 288 36 209
TOTAL 3493 173 966 1236 151 967

Per-CVE detail lives in the per-service grype-* artifacts (JSON + SARIF). Severity counts only — no CVE IDs published here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant