Incorrect project_id type in API results in erratic behavior

Bug #1555401 reported by Stephen Balukoff
Affects: octavia
Status: Fix Released
Importance: Critical
Assigned to: Stephen Balukoff

Bug Description

While troubleshooting a different problem today, I discovered that various API endpoints are set up to recognize the project_id attribute of various objects as:

project_id = wtypes.wsattr(wtypes.StringType(max_length=36))

Whereas other endpoints enforce it as:

project_id = wtypes.wsattr(wtypes.UuidType())

After some testing, I discovered that the type enforcement will allow for either hyphenated or non-hyphenated UUIDs in the request to the API. HOWEVER, the latter type checking also normalizes the UUID so that it does have hyphens, no matter what the API request contained. This is probably the desired behavior.

Since we don't presently enforce strict type checking on the project_id, this can lead to some entries in the database having the project_id stored hyphenated, while others do not store it hyphenated. This becomes a problem in sanity checks where, for example, a listener and a pool must have the same project_id. (MySQL does not interpret a hyphenated UUID as being a string match for a non-hyphenated UUID.)

I think the proper solution here is to use consistent type-checking for the project_id wherever we accept it as input in the API.

Changed in octavia:
assignee: nobody → Stephen Balukoff (sbalukoff)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to octavia (master)

Fix proposed to branch: master
Review: https://review.openstack.org/290936

Changed in octavia:
status: New → In Progress
Changed in octavia:
importance: Undecided → Critical
tags: added: target-mitaka
Stephen Balukoff (sbalukoff) wrote :

After checking with the other Octavia team members: Apparently some people somewhere use non-UUID project IDs. So we need to actually not enforce that the project_id is a strict UUID. However, we still need to treat the project_id consistently wherever we find it. Will update my patch to fix this accordingly.
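
The failure mode from the report and the follow-up comment above, reproduced as an added example that is not Octavia's code. `uuid_type` and `string36` are hypothetical stand-ins for `wtypes.UuidType()` and `wtypes.StringType(max_length=36)`, SQLite stands in for MySQL, and the project ID is a constructed sample; `mismatched_rows` is an assumed audit heuristic for rows written while the types were mixed.

```python
import sqlite3
import uuid

def uuid_type(value):
    # Stand-in for UuidType(): accepts either spelling, returns the hyphenated form.
    return str(uuid.UUID(value))

def string36(value):
    # Stand-in for StringType(max_length=36): length check only, value stored as sent.
    if not isinstance(value, str) or len(value) > 36:
        raise ValueError("project_id must be a string of at most 36 characters")
    return value

def build_db(listener_check, pool_check, project_id):
    # One listener and one pool, each validated by its own endpoint's type.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE listener (id INTEGER PRIMARY KEY, project_id TEXT)")
    db.execute("CREATE TABLE pool (id INTEGER PRIMARY KEY, project_id TEXT)")
    db.execute("INSERT INTO listener (project_id) VALUES (?)", (listener_check(project_id),))
    db.execute("INSERT INTO pool (project_id) VALUES (?)", (pool_check(project_id),))
    return db

def same_project(db):
    # The sanity check from the report: listener and pool must share a project_id.
    sql = "SELECT COUNT(*) FROM listener l JOIN pool p ON l.project_id = p.project_id"
    return db.execute(sql).fetchone()[0] == 1

def mismatched_rows(db):
    # Audit: pairs that differ only by hyphens (heuristic; review hits for non-UUID IDs).
    sql = (
        "SELECT l.project_id, p.project_id FROM listener l JOIN pool p "
        "ON REPLACE(l.project_id, '-', '') = REPLACE(p.project_id, '-', '') "
        "AND l.project_id <> p.project_id"
    )
    return db.execute(sql).fetchall()

BARE = "0f8fad5bd9cb469fa16570867728950e"  # constructed sample ID, sent without hyphens

if __name__ == "__main__":
    mixed = build_db(uuid_type, string36, BARE)      # endpoints disagree on the type
    print("mixed types match:", same_project(mixed))
    print("rows to repair:", mismatched_rows(mixed))
    fixed = build_db(string36, string36, BARE)       # one type on every endpoint
    print("consistent types match:", same_project(fixed))
```

With one type on both endpoints, a non-UUID project ID such as a constructed `tenant-42` is also stored and compared identically, which the strict UUID stand-in would reject.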

OpenStack Infra (hudson-openstack) wrote : Fix merged to octavia (master)

Reviewed: https://review.openstack.org/290936
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=26d850c711076fbcee1e7b7ff3b6368b27e63090
Submitter: Jenkins
Branch: master

commit 26d850c711076fbcee1e7b7ff3b6368b27e63090
Author: Stephen Balukoff <email address hidden>
Date: Wed Mar 9 17:30:30 2016 -0800

    Use consistent type checking of project_id in API

    We were using inconsistent type checking for the project_id in various
    API endpoints. This could lead to erratic behavior if some API requests
    specified the project_id UUID with hyphens and some without hyphens and
    normalization occurred.

    This patch changes this behavior to use consistent type checking for the
    project_id for all API endpoints. Since this bug is a regression that is
    less than 2 weeks old, I've also introduced a few unit tests which
    should ensure we don't have another regression of the desired behavior
    anytime soon.

    Change-Id: I4c3ec52c01547196160e977029ecc5ded97c79ed
    Closes-Bug: #1555401

Changed in octavia:
status: In Progress → Fix Released