SLO does not validate submanifests on read
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
New
|
Undecided
|
Unassigned |
Bug Description
Create some segment data:
$ curl http://
$ curl http://
$ curl http://
Create a manifest:
$ curl http://
...that gets referenced by another manifest:
$ curl http://
Note that despite the client sending only the path, the size and etag information *did* get recorded in the manifest, and we expect that to be used for validation on read:
$ curl -s http://
[
{
"name": "/c/x",
"bytes": 3,
"hash": "202cb962ac5907
},
{
"name": "/c/y",
"bytes": 3,
"hash": "250cf8b51c773f
}
]
$ curl -I http://
HTTP/1.1 200 OK
Content-Type: application/
Content-Length: 6
X-Static-
Etag: "79e3c0c96e5d7c
Last-Modified: Thu, 28 Sep 2023 15:41:48 GMT
X-Timestamp: 1695915707.36800
Accept-Ranges: bytes
X-Manifest-Etag: 2edc64e9befdc6c
X-Trans-Id: tx9f619a7af3f34
X-Openstack-
Date: Thu, 28 Sep 2023 15:44:41 GMT
$ curl -s http://
[
{
"name": "/c/xy",
"bytes": 6,
"hash": "79e3c0c96e5d7c
"sub_slo": true
},
{
"name": "/c/z",
"bytes": 3,
"hash": "68053af2923e00
}
]
But it isn't! If you overwrite the referenced manifest
$ curl http://
The subsequent GET sends the new data, and there's no indication that it's been modified from the original upload!
$ curl http://
789789789
The expectation is that client should have gotten a 409, similar to what would happen in other cases where the backing data for an SLO has changed.
Ugh -- looks like between 1.9.1 (which introduced the ability to have sub-SLOs) and 1.12.0 (specifically, https:/ /github. com/openstack/ swift/commit/ 19017195) Swift would write down sub-SLOs with the manifest's ETag / Content-Length -- so any fix ought to make sure those are still readable.