OpenStack DBaaS (Trove)

User and Database List in Instance Creation Not Fully Validated

Bug #1219627 reported by Auston McReynolds
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack DBaaS (Trove)
Fix Released
Undecided
Auston McReynolds
OpenStack DBaaS (Trove) 2014.1 "icehouse"

Bug Description

Example:

POST /instances

{
    "instance": {
        "name": "my_db",
        "databases": [
            {
                "character_set": "utf8",
                "collate": "utf8_general_ci",
                "name": "sampledb"
            }
        ],
        "users": [
            {
                "databases": [
                    {
                        "name": "otherdb"
                    }
                ],
                "name": "sampleuser",
                "password": "samplepassword"
            }
        ],
        ...
    }
}

Every database in instance.users.databases should exist in instance.databases, otherwise the guest will attempt to grant privileges to a database that can't possibly exist.

In the example above, the guest will attempt to grant privileges for "sampleuser" to access "otherdb", but "otherdb" does not exist (only "sampledb" does).

Fix: Add validation in the API to assert that all instance.users.databases exist in instance.databases, otherwise raise an exception.

Addendum: The API should validate for duplicate users as well (same name and host).

Note: instance.users.databases is already validated for duplicates via apischema's uniqueItems assertion.

See original description
Auston McReynolds (amcrn)
Changed in trove:
assignee: nobody → Auston McReynolds (amcreynolds)
status: New → In Progress
Auston McReynolds (amcrn)
summary: - User's Database List in Instance Creation Request Not Validated
+ User and Database List in Instance Creation Not Fully Validated
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to trove (master)

Fix proposed to branch: master
Review: https://review.openstack.org/44978

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to trove (master)

Reviewed: https://review.openstack.org/44978
Committed: http://github.com/openstack/trove/commit/52d1203d055b66d49ed6b2dd91de8afe42a7e9d0
Submitter: Jenkins
Branch: master

commit 52d1203d055b66d49ed6b2dd91de8afe42a7e9d0
Author: amcrn <email address hidden>
Date: Wed Sep 4 00:50:57 2013 -0700

    User and Database List in Create Not Validated

    Fix #1: Every database in instance.users.databases should exist in
    instance.databases, otherwise the guest will attempt to grant
    privileges to a database that can't possibly exist.

    Fix #2: The (name, host) of each user in instance.users should be
    unique, otherwise there is a semantic duplicate.

    Note: instance.users.databases is already checked for uniqueness via
    apischema's uniqueItems assertion.

    Change-Id: Ib0a148a1d7dcf6adf2a899b15db815273e5688a4
    Closes-Bug: #1219627

Changed in trove:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in trove:
milestone: none → icehouse-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in trove:
milestone: icehouse-1 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.