oslo.messaging

RPC dispatch should restrict methods to those that are explicitly exposed

Bug #1194279 reported by Christopher Armstrong on 2013-06-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	oslo.messaging	Fix Released	Wishlist	Paul Vinciguerra

Bug Description

The RPC dispatcher should not allow calling any method on RPC proxy objects. Even though the RPC mechanism is meant to be entirely internal on a secure transport, there should be a reasonable attempt at security to prevent exposing internal methods of service implementations.

The following document implicitly describes an "rpc.expose" decorator which is used to specify which methods should be exposed. This should be implemented and required for future versions of code that use Oslo RPC.

https://wiki.openstack.org/wiki/Oslo/Messaging

Revision history for this message

Christopher Armstrong (radix) wrote on 2013-06-24:

Apart from the security concern, I think an expose decorator makes the code much more clear, so readers can easily determine which methods of an RPC proxy are public and which are implementation helpers.

Ben Nemec (bnemec) on 2013-08-21

Changed in oslo:
status:	New → Confirmed

Doug Hellmann (doug-hellmann) on 2014-03-18

Changed in oslo:
importance:	Undecided → Wishlist
affects:	oslo → oslo.messaging
Changed in oslo.messaging:
status:	Confirmed → Triaged

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-22: Fix proposed to oslo.messaging (master)

Fix proposed to branch: master
Review: https://review.openstack.org/358359

Changed in oslo.messaging:
assignee:	nobody → Paul Vinciguerra (pvinci)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-31: Fix merged to oslo.messaging (master)

Reviewed: https://review.openstack.org/358359
Committed: https://git.openstack.org/cgit/openstack/oslo.messaging/commit/?id=d3a8f280ebd6fd12865fd20c4d772774e39aefa2
Submitter: Jenkins
Branch: master

commit d3a8f280ebd6fd12865fd20c4d772774e39aefa2
Author: Paul Vinciguerra <email address hidden>
Date: Sun Aug 21 19:46:28 2016 -0400

Allow dispatcher to restrict endpoint methods.

Implements access_policy for dispatcher to restrict endpoint methods.

    Implements the following access policies:
    * LegacyRPCAccessPolicy
    * DefaultRPCAccessPolicy
    * ExplicitRPCAccessPolicy

* Implement decorator @rpc.expose for use with the
ExplicitRPCAccessPolicy

    * Modify get_rpc_server to allow optional access_policy argument
    * Set default access_policy to LegacyRPCAccessPolicy (Nova exposes
     _associate_floating_ip in tempest tests). Added debtcollector
     notification.
    * Add test cases for access_policy=None
    * Clarify documentation

    Change-Id: I42239e6c8a8be158ddf5c3b1773463b7dc93e881
    Closes-Bug: 1194279
    Closes-Bug: 1555845

Changed in oslo.messaging:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-10-19: Fix included in openstack/oslo.messaging 5.11.0

This issue was fixed in the openstack/oslo.messaging 5.11.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.