OpenStack Percona Cluster Charm

db: relation creation fails when charm name is > 16 characters

Bug #1794621 reported by Wouter van Bommel on 2018-09-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Percona Cluster Charm	Won't Fix	Low	Wouter van Bommel

Bug Description

When a database relation is created, the databasename and username for the entry are based on the name of the charm requesting the relation. Charm names are user defined.

See #647 in hooks/percona_hooks.py

The problem is that the username is limited to 16 characters, which is not taken into account. The other issue is, that limiting the username to 16 chars will result in conflicts if multiple charms have the same 16 starting letters.

The lack of input validation might leave a window for sql injection, based on the naming of the charm that requests a relation to be created.

Looking to the regular mysql charm, they use a randomly generated string for the username, which should be perfectly fine.

Tags:

Alvaro Uria (aluria) on 2018-09-27

tags:

added: canonical-bootstack

Wouter van Bommel (woutervb) on 2018-09-28

Changed in charm-percona-cluster:
assignee:	nobody → Wouter van Bommel (woutervb)
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-09-28: Fix proposed to charm-percona-cluster (master)

Fix proposed to branch: master
Review: https://review.openstack.org/606202

Wouter van Bommel (woutervb) on 2018-09-28

Changed in charm-percona-cluster:
status:	In Progress → Fix Committed

Revision history for this message

Wouter van Bommel (woutervb) wrote on 2018-10-04: Re: relation creation fails when charm name is > 16 characters

Subscribed field-medium

Chris MacNaughton (chris.macnaughton) on 2018-10-09

Changed in charm-percona-cluster:
status:	Fix Committed → In Progress

Revision history for this message

Ryan Beisner (1chb1n) wrote on 2018-12-06:

Please see the reviews in gerrit. But to bring over the outstanding question to this bug:

I agree with Chris - what is the expected behavior during a charm upgrade, where a pre-existing deployment's charm is upgraded to this proposed charm? Has that been tested?

Changed in charm-percona-cluster:
importance:	Undecided → High
milestone:	none → 19.04
status:	In Progress → Incomplete

Revision history for this message

James Page (james-page) wrote on 2018-12-07:

TBH in the context of OpenStack this change makes no difference - the OS charms all use the shared-db relation, not the db relation which this change impacts.

shared-db uses a username provided by the remote service requesting setup and configuration of a new DB.

Changed in charm-percona-cluster:
status:	Incomplete → Triaged
summary:	- relation creation fails when charm name is > 16 characters + db: relation creation fails when charm name is > 16 characters

Revision history for this message

James Page (james-page) wrote on 2018-12-07:

@woutervb which charms are making use of the db relation and have this particular issue?

Changed in charm-percona-cluster:
importance:	High → Low

Ryan Beisner (1chb1n) on 2019-02-24

Changed in charm-percona-cluster:
status:	Triaged → Incomplete

David Ames (thedac) on 2019-04-17

Changed in charm-percona-cluster:
milestone:	19.04 → 19.07

David Ames (thedac) on 2019-08-12

Changed in charm-percona-cluster:
milestone:	19.07 → 19.10

David Ames (thedac) on 2019-10-24

Changed in charm-percona-cluster:
milestone:	19.10 → 20.01

James Page (james-page) on 2020-03-02

Changed in charm-percona-cluster:
milestone:	20.01 → 20.05

David Ames (thedac) on 2020-05-21

Changed in charm-percona-cluster:
milestone:	20.05 → 20.08

James Page (james-page) on 2020-08-03

Changed in charm-percona-cluster:
milestone:	20.08 → none

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-06-16: Change abandoned on charm-percona-cluster (master)

Change abandoned by "Alex Kavanagh <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/charm-percona-cluster/+/606202
Reason: The review is stale; there's been no further work from the OP following the review comments. If this is still required, then please re-open the review.

Revision history for this message

Alex Kavanagh (ajkavanagh) wrote on 2023-06-16:

Triaging to Won't fix, as the percona-cluster charm is now in maintenance mode. However, if this fix is still needed then please comment as to why it should be re-opened.

Changed in charm-percona-cluster:
status:	Incomplete → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.