Dynamic_ui Services should use a Session-based storage

Bug #1264289 reported by Timur Sufiev
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Murano
Fix Released
Critical
Timur Sufiev

Bug Description

Currently all Services (and cleaned_data tied to them) are stored directly in memory of Django/Apache processes. This can lead to a subtle bugs even now (due to one user validating against cleaned_data of another user). Once per-tenant isolation is implemented, it will become much greater problem, because it doesn't separate different Users by their visible Services.

Tags: verified
Timur Sufiev (tsufiev-x)
Changed in murano:
milestone: none → 0.4.1
assignee: nobody → Timur Sufiev (tsufiev-x)
importance: Undecided → Critical
Changed in murano:
importance: Critical → High
importance: High → Critical
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to murano-dashboard (master)

Fix proposed to branch: master
Review: https://review.openstack.org/65711

Changed in murano:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to murano-dashboard (master)

Reviewed: https://review.openstack.org/65711
Committed: https://git.openstack.org/cgit/stackforge/murano-dashboard/commit/?id=f6acc5f91ed5d2c373f1e1c2d9927382b6e92ffe
Submitter: Jenkins
Branch: master

commit f6acc5f91ed5d2c373f1e1c2d9927382b6e92ffe
Author: Timur Sufiev <email address hidden>
Date: Thu Jan 9 19:15:44 2014 +0400

    Rewrite dynamic_ui to store Services data per-session.

    Thus set of Services (and cleaned_data for them) for each user/tenant
    will be isolated supporting per-tenant isolation blueprint.

    Note that SESSION_ENGINE =
    'django.contrib.sessions.backends.signed_cookies' doesn't work well
    with Services' data storage because it has default limitation of 4096
    bytes.

    Closes-bug: #1264289
    Change-Id: I3d0b46463470912cf6d7a36fddd84292689775da

Changed in murano:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to murano-dashboard (release-0.4)

Fix proposed to branch: release-0.4
Review: https://review.openstack.org/68339

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to murano-dashboard (release-0.4)

Reviewed: https://review.openstack.org/68339
Committed: https://git.openstack.org/cgit/stackforge/murano-dashboard/commit/?id=b93fb120b7f5ab2c190cb021f127c39631f0f5b3
Submitter: Jenkins
Branch: release-0.4

commit b93fb120b7f5ab2c190cb021f127c39631f0f5b3
Author: Ekaterina Fedorova <email address hidden>
Date: Thu Jan 9 14:53:40 2014 +0400

    Cherry-pick the following commits from master:

    * Extend exception messages.
      Closes-bug: #1264980
      Ia57821cd906a203b18546b9e93e38f3e1bc71025
    * Remove extra methods of interaction with API:
      and use environment_get instead it.
      Closes-Bug: #1265165
      Ib49aecff4773773b6cf305d51db29a17bcf813f3
    * Move most of code for dynamic UI form creation into metaclass.
      Implements: blueprint dynamic-ui-optimization
      I9b2617527b410abb7c60df978f9c00f7cef491d3
    * Minor refactoring of dynamic_ui.
      Move more functions to dynamic_ui.helpers.
      Ib578a24159dda4de5fecf5df35ff71bc7d704215
    * Rewrite dynamic_ui to store Services data per-session.
      Thus set of Services (and cleaned_data for them) for each
      user/tenant will be isolated supporting per-tenant isolation
      blueprint.
      Closes-bug: #1264289
      I3d0b46463470912cf6d7a36fddd84292689775da
    * Update local_settings.py.example to stable/havana.
      If56e74338449eb14b6b8a581863502287e654517
    * Hide "Upload UI file" btn in manage service table
      There is should be only one ui definition in service So need to show
      "Upload UI file" only ic case there is no any
      Closes-bug: #1263052
      Ibe8c74f20062cd213d8a53ff46d9db9d41a2e08d
    * Support per-tenant isolation for service metadata files.
      Partially implements: blueprint per-tenant-isolation
      I7393e748216ddaa59d6e90249b263514d08f9d34
    * Added empty line in KeyPair fields.
      Implements: blueprint rewrite-key-pair-for-linux-based-services
      If7dcf19084422c76d3bd1b075e4d5080254d003b

    Change-Id: I10b920a3b7cdd9b9a19d37243be81f6aa6aafa9b

tags: added: verified
Changed in murano:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.