2024-01-24 06:45:34 |
Ai Hamano |
description |
- Problem
When Enhanced Tacker Policy is enabled, if the "extra" attribute is not included in the response, data cannot be obtained correctly with "vim list" (GET /v1.0/vims).
Case where response does not include "extra"
````
$ curl -g -X GET "http://127.0.0.1:9890/v1.0/vims?fields=id" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
{"vims": []}
````
->The expected response is below.
````
{"vims": [{"id": "88e5cb77-d4d4-4e91-a930-09c014723b45"}]}
````
Case where response include "extra"
````
$ curl -g -X GET "http://127.0.0.1:9890/v1.0/vims?fields=id&fields=extra" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN "
{"vims": [{"id": "88e5cb77-d4d4-4e91-a930-09c014723b45", "extra": {"area": "tokyo@japan"}}]}
````
- Cause
When Enhanced Tacker Policy is enabled, policy checks are performed using the value of vim's "extra" attributes.
```
"vim": {
...
"extra": {
"area": "tokyo@japan"
},
...
}
```
Therefore, if "fields" is specified in the query parameter and the "extra" attribute is no longer included in the response, the policy check will unintentionally fail and data will not be retrieved as expected.
- Impact
In the "openstack vim show" and "openstack vim delete" commands, execute "vim list" with "fields=id" specified as the query parameter before executing "vim show/delete".
Therefore, when Enhanced Tacker Policy is enabled, the "openstack vim show" and "openstack vim delete" commands cannot be executed correctly.
Example
```
$ openstack vim show 88e5cb77-d4d4-4e91-a930-09c014723b45 -vv
...
REQ: curl -g -i -X GET http://127.0.0.1:9890/v1.0/vims.json?id=88e5cb77-d4d4-4e91-a930-09c014723b45&fields=id -H "Accept: application/json" -H "User-Agent: python-tackerclient"...
RESP BODY: {"vims": []}
...
REQ: curl -g -i -X GET http://127.0.0.1:9890/v1.0/vims.json?name=88e5cb77-d4d4-4e91-a930-09c014723b45&fields=id -H "Accept: application/json" -H "User-Agent: python-tackerclient" ...
RESP BODY: {"vims": []}
...
clean_up ShowVIM: Unable to find vim with name '88e5cb77-d4d4-4e91-a930-09c014723b45'
``` |
- Problem
When Enhanced Tacker Policy is enabled, if the "extra" attribute is not included in the response, data cannot be obtained correctly with "vim list" (GET /v1.0/vims).
Case where response does not include "extra"
````
$ curl -g -X GET "http://127.0.0.1:9890/v1.0/vims?fields=id" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN"
{"vims": []}
````
->The expected response is below.
````
{"vims": [{"id": "88e5cb77-d4d4-4e91-a930-09c014723b45"}]}
````
Case where response include "extra"
````
$ curl -g -X GET "http://127.0.0.1:9890/v1.0/vims?fields=id&fields=extra" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN "
{"vims": [{"id": "88e5cb77-d4d4-4e91-a930-09c014723b45", "extra": {"area": "tokyo@japan"}}]}
````
- Cause
When Enhanced Tacker Policy is enabled, policy checks are performed using the value of vim's "extra" attributes.
```
"vim": {
...
"extra": {
"area": "tokyo@japan"
},
...
}
```
Therefore, if "fields" is specified in the query parameter and the "extra" attribute is no longer included in the response, the policy check will unintentionally fail and data will not be retrieved as expected.
- Impact
In the "openstack vim show/set/delete" commands, execute "vim list" with "fields=id" specified as the query parameter before executing "vim show/set/delete".
Therefore, when Enhanced Tacker Policy is enabled, the "openstack vim show/set/delete" commands cannot be executed correctly.
Example
```
$ openstack vim show 88e5cb77-d4d4-4e91-a930-09c014723b45 -vv
...
REQ: curl -g -i -X GET http://127.0.0.1:9890/v1.0/vims.json?id=88e5cb77-d4d4-4e91-a930-09c014723b45&fields=id -H "Accept: application/json" -H "User-Agent: python-tackerclient"...
RESP BODY: {"vims": []}
...
REQ: curl -g -i -X GET http://127.0.0.1:9890/v1.0/vims.json?name=88e5cb77-d4d4-4e91-a930-09c014723b45&fields=id -H "Accept: application/json" -H "User-Agent: python-tackerclient" ...
RESP BODY: {"vims": []}
...
clean_up ShowVIM: Unable to find vim with name '88e5cb77-d4d4-4e91-a930-09c014723b45'
``` |
|