Webhook return internal endpoint instead of public

Bug #1770144 reported by Peter Sabaini on 2018-05-09
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
OpenStack heat charm
Medium
Edward Hope-Morley

Bug Description

When configuring heat with use-internal-endpoints=True I'm seeing webhooks returned with internal endpoints. However, use-internal-endpoints should be consulted for internal communication only, and not be returned to clients.

$ cat scaling-pol.yaml
heat_template_version: 2016-10-14

description: ...
resources:

  web_server_scaleup_policy:
    type: OS::Heat::ScalingPolicy
    properties:
      adjustment_type: change_in_capacity
      auto_scaling_group_id: testasg
      cooldown: 60
      scaling_adjustment: 1
  web_server_scaledown_policy:
    type: OS::Heat::ScalingPolicy
    properties:
      adjustment_type: change_in_capacity
      auto_scaling_group_id: testasg
      cooldown: 60
      scaling_adjustment: -1

outputs:
  scale_up_url:
    description: ...
    value: {get_attr: [web_server_scaleup_policy, alarm_url]}
  scale_dn_url:
    description: ...
    value: {get_attr: [web_server_scaledown_policy, alarm_url]}

$ openstack stack create -t scaling-pol.yaml teststack

$ openstack stack output show teststack --all
...
 "output_value": "http://heat-internal:8000/..."

Workaround: reconfiguring heat with use-internal-endpoints=False and recreating the above stack returns the public heat endpoint.

Versions:
Pike on Xenial; charm-heat 18.02, commit ad7c7e8529fdb83e2e3036987e304b7b67654c03

Changed in charm-heat:
assignee: nobody → Edward Hope-Morley (hopem)
milestone: none → 18.05
Edward Hope-Morley (hopem) wrote :

I can easily reproduce this issue and believe it is caused by the way that we configure client endpoints in heat.conf. The problem is that when you set use_internal_endpoints=True we set the global client endpoint_type to InternalURL which results in all client endpoint_types inheriting this value but in actual fact heat stacks will tend not to have access to the Internal network. To that end the fix is crudely to leave the global config as-is but force heat client endpoint_type to PublicURL (i.e. default if use-internal-endpoints=False).

Changed in charm-heat:
importance: Undecided → Medium

Fix proposed to branch: master
Review: https://review.openstack.org/568582

Changed in charm-heat:
status: New → In Progress

Reviewed: https://review.openstack.org/568582
Committed: https://git.openstack.org/cgit/openstack/charm-heat/commit/?id=14a299596c0c94eacce3a2eda77e751b3a7a3ea5
Submitter: Zuul
Branch: master

commit 14a299596c0c94eacce3a2eda77e751b3a7a3ea5
Author: Edward Hope-Morley <email address hidden>
Date: Tue May 15 15:07:59 2018 +0200

    Always use publicURL for heat client

    We use the global client config for endpoint_type
    which means that all clients will inherit this setting
    but heat client must remain using the publicURL since
    that is used for heat stack output.

    Change-Id: Ibb6395e1a65cdb5e09f6a02ae03ee529da0c8d0e
    Closes-Bug: #1770144

Changed in charm-heat:
status: In Progress → Fix Committed
David Ames (thedac) on 2018-06-11
Changed in charm-heat:
status: Fix Committed → Fix Released
Edward Hope-Morley (hopem) wrote :

I was obviously having a bad day when i wrote this patch because I appear to have used to the wrong section name. It should be [clients_heat] not [heat_clients]. I'll submit a patch shortly to fix this.

Changed in charm-heat:
status: Fix Released → Confirmed
milestone: 18.05 → 18.11

Fix proposed to branch: master
Review: https://review.openstack.org/607495

Changed in charm-heat:
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/607495
Committed: https://git.openstack.org/cgit/openstack/charm-heat/commit/?id=582e35214464b216ce555aee5fc9d2bd08962411
Submitter: Zuul
Branch: master

commit 582e35214464b216ce555aee5fc9d2bd08962411
Author: Edward Hope-Morley <email address hidden>
Date: Wed Oct 3 09:27:44 2018 +0100

    Fix commit 14a2995

    Original commit added incorrect config section [heat_clients]
    which should actually be [clients_heat].

    Also adds workaround for bug 1750395 which affects creation
    of server without specifying network (>= rocky). This is needed
    for amulet tests to pass.

    Change-Id: I8f1036bd8797a336d836a6b3f6fa9cb50f7a8fa8
    Closes-Bug: #1770144

Changed in charm-heat:
status: In Progress → Fix Committed
David Ames (thedac) on 2018-11-20
Changed in charm-heat:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers