certificate install from remote API fails with exception
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Teresa Ho |
Bug Description
Brief Description
-----------------
Using the API to install a certificate results in an exception in the sysinv-api process and a 500 response code to the user. The certificate install handler assumes that the incoming request will contain a "certificate_file" attribute which points to the absolute path of the certificate file being installed. This is in addition to the actual file contents that are included in the multipart message. When this "certificate_file" attribute is not provided the API throws an exception.
This code block assumes that the certificate_file is always present, but it is not required so the code should be changed to first check for None.
if os.path.
if not os.path.
msg = "'certificate_file' is not a valid file path"
The "certificate_file" attribute is only valid/meaningful when the cgts-client installs the certificate from a local filesystem. Under this usecase scenario, the file path is passed to the API and the API deletes the file for security reasons once the command completes. If the cgts-client is run remotely then this no longer makes sense. This should be refactored so that the certificate_file is no longer passed to the API and no longer expected by the API. If the file needs to be deleted then it should be deleted by the client; not by the API.
Severity
--------
Critical
Steps to Reproduce
------------------
This can be tested with a custom API client or complex curl commands but the easiest way is to simply manually modify the cgts-client code to not pass the certificate_file attribute.
Remove 'certificate_file' from this location at: cgtsclient/
data = {'passphrase': args.passphrase,
'mode': args.mode,
Expected Behavior
------------------
No exceptions are expected.
Actual Behavior
----------------
This exception is thrown:
2019-04-27 07:04:03.817 5783 ERROR /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
2019-04-27 07:04:03.817 5783 TRACE /usr/lib/
Reproducibility
---------------
100%
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
2019-04-24
Last Pass
---------
Unknown
Timestamp/Logs
--------------
See above
Test Activity
-------------
Developer testing
Changed in starlingx: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Teresa Ho (teresaho) |
tags: | added: stx.2.0 stx.retestneeded |
tags: | added: stx.config |
Changed in starlingx: | |
status: | Triaged → In Progress |
Marking stx.2.0 release gating as https functionality is not working via APIs.