oslo.messaging

Heat breaks due to context sanitization

Bug #2037312 reported by Jay Faulkner
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oslo.messaging
Fix Released
Undecided
Jay Faulkner

Bug Description

We noticed unit tests failing here: https://review.opendev.org/c/openstack/requirements/+/892919 on heat, while trying to bump oslo.messaging versions.

I discovered that if is_admin is filtered from contexts, as it is since https://github.com/openstack/oslo.messaging/commit/1b315615e7dc61dbf845bd663560fc8d5a18fa09, that heat will take the partial context and do a round trip to check if the user is an admin: https://github.com/openstack/heat/blob/master/heat/common/context.py#L120

These unit test failures were cleared by adding `is_admin` to the safe list, keeping heat from needing to make that invalid round trip. This entire class of issue will be eliminated in Caracal when we utilize the new RequestContext.sanitized_copy(), but we need the simpler fix first to be backportable.

Jay Faulkner (jason-oldos)
Changed in oslo.messaging:
status: New → Confirmed
assignee: nobody → Jay Faulkner (jason-oldos)
OpenStack Infra (hudson-openstack)
Changed in oslo.messaging:
status: Confirmed → In Progress
Revision history for this message
Dr. Jens Harbott (j-harbott) wrote :

fix proposed at https://review.opendev.org/c/openstack/oslo.messaging/+/896451

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.messaging (master)

Reviewed: https://review.opendev.org/c/openstack/oslo.messaging/+/896451
Committed: https://opendev.org/openstack/oslo.messaging/commit/c1b606f77e69a2829fcfdb74b8b3f646d4b60929
Submitter: "Zuul (22348)"
Branch: master

commit c1b606f77e69a2829fcfdb74b8b3f646d4b60929
Author: Jay Faulkner <email address hidden>
Date: Mon Sep 25 10:28:48 2023 -0700

    Add is_admin to safe fields list for notifications

    We encountered bug 2037312 in unit tests when attempting to get this
    change rolled out. Heat apparently will attempt to set is_admin using
    policy logic if it's not passed in for a new context; this breaks as the
    context we are requested doesn't have all the needed information to
    exercise the policy logic.

    is_admin is just a bool; it's not sensitive; easiest route forward is to
    add it to the safe list

    Closes-bug: 2037312
    Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8

Changed in oslo.messaging:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.messaging (stable/2023.2)

Reviewed: https://review.opendev.org/c/openstack/oslo.messaging/+/896422
Committed: https://opendev.org/openstack/oslo.messaging/commit/29623702fc1ebce240b6d368ee95ab9f479d5e02
Submitter: "Zuul (22348)"
Branch: stable/2023.2

commit 29623702fc1ebce240b6d368ee95ab9f479d5e02
Author: Jay Faulkner <email address hidden>
Date: Mon Sep 25 10:28:48 2023 -0700

    Add is_admin to safe fields list for notifications

    We encountered bug 2037312 in unit tests when attempting to get this
    change rolled out. Heat apparently will attempt to set is_admin using
    policy logic if it's not passed in for a new context; this breaks as the
    context we are requested doesn't have all the needed information to
    exercise the policy logic.

    is_admin is just a bool; it's not sensitive; easiest route forward is to
    add it to the safe list

    Closes-bug: 2037312
    Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8
    (cherry picked from commit c1b606f77e69a2829fcfdb74b8b3f646d4b60929)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/oslo.messaging 14.4.1

This issue was fixed in the openstack/oslo.messaging 14.4.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.messaging (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/oslo.messaging/+/896423
Committed: https://opendev.org/openstack/oslo.messaging/commit/45a01414689e917f6adb17f99deb71830837fa97
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 45a01414689e917f6adb17f99deb71830837fa97
Author: Jay Faulkner <email address hidden>
Date: Mon Sep 25 10:28:48 2023 -0700

    Add is_admin to safe fields list for notifications

    We encountered bug 2037312 in unit tests when attempting to get this
    change rolled out. Heat apparently will attempt to set is_admin using
    policy logic if it's not passed in for a new context; this breaks as the
    context we are requested doesn't have all the needed information to
    exercise the policy logic.

    is_admin is just a bool; it's not sensitive; easiest route forward is to
    add it to the safe list

    Closes-bug: 2037312
    Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8
    (cherry picked from commit c1b606f77e69a2829fcfdb74b8b3f646d4b60929)
    (cherry picked from commit 29623702fc1ebce240b6d368ee95ab9f479d5e02)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.messaging (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/oslo.messaging/+/896424
Committed: https://opendev.org/openstack/oslo.messaging/commit/ee0bf90b6862c3e9469068d6dd65b0cff398ba75
Submitter: "Zuul (22348)"
Branch: stable/zed

commit ee0bf90b6862c3e9469068d6dd65b0cff398ba75
Author: Jay Faulkner <email address hidden>
Date: Mon Sep 25 10:28:48 2023 -0700

    Add is_admin to safe fields list for notifications

    We encountered bug 2037312 in unit tests when attempting to get this
    change rolled out. Heat apparently will attempt to set is_admin using
    policy logic if it's not passed in for a new context; this breaks as the
    context we are requested doesn't have all the needed information to
    exercise the policy logic.

    is_admin is just a bool; it's not sensitive; easiest route forward is to
    add it to the safe list

    Closes-bug: 2037312
    Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8
    (cherry picked from commit c1b606f77e69a2829fcfdb74b8b3f646d4b60929)
    (cherry picked from commit 29623702fc1ebce240b6d368ee95ab9f479d5e02)
    (cherry picked from commit 45a01414689e917f6adb17f99deb71830837fa97)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.messaging (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/oslo.messaging/+/896425
Committed: https://opendev.org/openstack/oslo.messaging/commit/047da4e5ed8f853c1e69f73acaa9e655c88ab6e7
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 047da4e5ed8f853c1e69f73acaa9e655c88ab6e7
Author: Jay Faulkner <email address hidden>
Date: Mon Sep 25 10:28:48 2023 -0700

    Add is_admin to safe fields list for notifications

    We encountered bug 2037312 in unit tests when attempting to get this
    change rolled out. Heat apparently will attempt to set is_admin using
    policy logic if it's not passed in for a new context; this breaks as the
    context we are requested doesn't have all the needed information to
    exercise the policy logic.

    is_admin is just a bool; it's not sensitive; easiest route forward is to
    add it to the safe list

    Closes-bug: 2037312
    Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8
    (cherry picked from commit c1b606f77e69a2829fcfdb74b8b3f646d4b60929)
    (cherry picked from commit 29623702fc1ebce240b6d368ee95ab9f479d5e02)
    (cherry picked from commit ee0bf90b6862c3e9469068d6dd65b0cff398ba75)
    (cherry picked from commit 45a01414689e917f6adb17f99deb71830837fa97)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.messaging (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/oslo.messaging/+/896426
Committed: https://opendev.org/openstack/oslo.messaging/commit/d1c52bab523e151f9e94ee6bed27c964d7f57a18
Submitter: "Zuul (22348)"
Branch: stable/xena

commit d1c52bab523e151f9e94ee6bed27c964d7f57a18
Author: Jay Faulkner <email address hidden>
Date: Mon Sep 25 10:28:48 2023 -0700

    Add is_admin to safe fields list for notifications

    We encountered bug 2037312 in unit tests when attempting to get this
    change rolled out. Heat apparently will attempt to set is_admin using
    policy logic if it's not passed in for a new context; this breaks as the
    context we are requested doesn't have all the needed information to
    exercise the policy logic.

    is_admin is just a bool; it's not sensitive; easiest route forward is to
    add it to the safe list

    Closes-bug: 2037312
    Change-Id: I78b08edfcb8115cddd7de9c6c788c0a57c8218a8
    (cherry picked from commit c1b606f77e69a2829fcfdb74b8b3f646d4b60929)
    (cherry picked from commit 29623702fc1ebce240b6d368ee95ab9f479d5e02)
    (cherry picked from commit ee0bf90b6862c3e9469068d6dd65b0cff398ba75)
    (cherry picked from commit 45a01414689e917f6adb17f99deb71830837fa97)
    (cherry picked from commit 047da4e5ed8f853c1e69f73acaa9e655c88ab6e7)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/oslo.messaging 14.5.0

This issue was fixed in the openstack/oslo.messaging 14.5.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/oslo.messaging 12.13.3

This issue was fixed in the openstack/oslo.messaging 12.13.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/oslo.messaging 14.2.3

This issue was fixed in the openstack/oslo.messaging 14.2.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/oslo.messaging 14.0.3

This issue was fixed in the openstack/oslo.messaging 14.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/oslo.messaging xena-eom

This issue was fixed in the openstack/oslo.messaging xena-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.