Leadership check not enforced server-side for SetPodSpec
Bug #1863155 reported by
Achilleas Anagnostopoulos
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
Medium
|
Achilleas Anagnostopoulos | ||
2.7 |
Won't Fix
|
Medium
|
Unassigned |
Bug Description
It seems like we only perform leadership checks for the SetPodSpec call in the client (https:/
Besides the fact that the client should never be trusted, the missing check can potentially allow a unit that loses leadership _while invoking_ the SetPodSpec call to overwrite the PodSpec.
The ongoing uniter refactoring work on the develop branch will address this issue but we should probably also fix it on the 2.7 branch (and perhaps back-port to 2.6?).
Changed in juju: | |
milestone: | none → 2.8-beta1 |
status: | New → In Progress |
assignee: | nobody → Achilleas Anagnostopoulos (achilleasa) |
importance: | Undecided → Medium |
Changed in juju: | |
status: | In Progress → Fix Committed |
Changed in juju: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
PR https:/ /github. com/juju/ juju/pull/ 11255 includes a fix for the develop branch