OpenStack DBaaS (Trove)

Trove API Validation Disallows Wildcards in User Host

Bug #1199197 reported by Auston McReynolds on 2013-07-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack DBaaS (Trove)	Confirmed	Low	Unassigned	OpenStack DBaaS (Trove) next

Bug Description

[Description]

https://github.com/openstack/trove/commit/4419cb1c035e430607492dbf066b463b8323d1d5#L2R125

The user's host is validated against the non_empty_string_pattern, which is defined as:

non_empty_string = {
    "type": "string",
    "minLength": 1,
    "maxLength": 255,
    "pattern": "^.*[0-9a-zA-Z]+.*$"
}

Previous to this commit, the --host flag was optional (it would conveniently default to '%'). This behavior has been broken, as well as the ability to include wildcards (via % and _).

Per http://dev.mysql.com/doc/refman/5.5/en/account-names.html, '%' and '_' are valid wildcard characters and host_ip/netmask is also an accepted format.

Note: If it was decided that defaulting the host was in poor taste, then the CLI should enforce the host argument (to be consistent) (see https://github.com/openstack/python-troveclient/blob/4ddb58ce9e609df3c0ac4be555f19643ef0511cc/troveclient/cli.py#L159)

[Example]

$ trove-cli user create --id 4a91d343-38bd-4a24-a0b4-942336f1ed03 --name myuser --password myuser --databases mydb --host % --verbose

...

BODY: {
    "users": [
        {
            "databases": [
                {
                    "name": "mydb"
                }
            ],
            "host": "%",
            "name": "myuser",
            "password": "myuser"
        }
    ]
}

RESPONSE HEADERS: {'date': 'Tue, 09 Jul 2013 01:04:29 GMT', 'status': '400', 'content-length': '102', 'content-type': 'application/json; charset=UTF-8'}
RESPONSE BODY : {
    "badRequest": {
        "code": 400,
        "message": "Validation error: u'%' does not match '^.*[0-9a-zA-Z]+.*$'"
    }
}
Validation error: u'%' does not match '^.*[0-9a-zA-Z]+.*$' (HTTP 400)

See original description

Auston McReynolds (amcrn) on 2013-07-09

description:

updated

Michael Basnight (hubcap) on 2013-07-09

Changed in trove:
status:	New → Confirmed
importance:	Undecided → Critical
assignee:	nobody → Riddhi (ridhi-j-shah)
milestone:	none → havana-2

Revision history for this message

Auston McReynolds (amcrn) wrote on 2013-07-09:

It looks like there was existing validation for the host in MySQLUser (See https://github.com/openstack/trove/blob/master/trove/guestagent/db/models.py#L350)

I imagine that once the regexps in trove/common/apischema.py are fixed for password + host + user, that is_valid + is_valid_user + is_valid_host_name are semi-redundant.

If you want to take it a step further, you could also take a look at MySQLDatabase and fix the inconsistencies there (ex: name has a check for > 64 chars, yet apischema.py permits 255, charset checks, etc.)

Revision history for this message

Justin Hopper (justin-hopper) wrote on 2013-07-09:

Riddhi,

There was no judgement (re: defaulting was poor taste) on my part. I may have just decided to make it a non-empty-string and given there were no existing tests that failed otherwise, left it at that.

Auston - the validation in guestagent does not get invoked until the request hits the specific guestagent instance which is long after the end-user request returns. Some of those validations may need to pulled up into the api service.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-07-15: Fix merged to trove (master)

Reviewed: https://review.openstack.org/36331
Committed: http://github.com/openstack/trove/commit/74eede8e807c49c7ecd69b80c8648f85a8660f89
Submitter: Jenkins
Branch: master

commit 74eede8e807c49c7ecd69b80c8648f85a8660f89
Author: Riddhi Shah <email address hidden>
Date: Tue Jul 9 14:53:15 2013 -0500

Wildcards in User Host

This bug-fix, allows wildcards to be used for user host via
providing ability to use '%' and '_'.

Change-Id: Ife752b0efb7ac67754a705b599eb9a68f9978dee
Fixes: bug #1199197

Changed in trove:
status:	Confirmed → Fix Committed

Thierry Carrez (ttx) on 2013-07-17

Changed in trove:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-18

Changed in trove:
milestone:	havana-2 → 2013.2

Revision history for this message

Auston McReynolds (amcrn) wrote on 2013-10-28:

The patch allows '%' as a host, but more complex examples do not work:

$ trove user-create 45f6bc02-0d84-46e1-83e6-db7f3f064677 newuser mypass --host '%.com'
ERROR: The server could not comply with the request since it is either malformed or otherwise incorrect.

REQ: curl -i http://IP:8779/v1.0/549d075f78c045e984bb03e62f6ba91c/instances/45f6bc02-0d84-46e1-83e6-db7f3f064677/users -X POST -H "X-Auth-Project-Id: admin" -H "User-Agent: python-troveclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: REDACTED" -d '{"users": [{"host": "%.com", "password": "mypass", "name": "newuser", "databases": []}]}'

Per http://dev.mysql.com/doc/refman/5.5/en/account-names.html, this should work.

Changed in trove:
status:	Fix Released → New

Revision history for this message

Auston McReynolds (amcrn) wrote on 2013-10-28:

  File "/opt/local/openstack/trove/2014.1.a103.gb214e9e/lib/python2.7/site-packages/trove/common/wsgi.py", line 323, in execute_action
    **action_args)
  File "/opt/local/openstack/trove/2014.1.a103.gb214e9e/lib/python2.7/site-packages/trove/openstack/common/wsgi.py", line 395, in execute_action
    return self.dispatch(self.controller, action, request, **action_args)
  File "/opt/local/openstack/trove/2014.1.a103.gb214e9e/lib/python2.7/site-packages/trove/openstack/common/wsgi.py", line 404, in dispatch
    return method(*args, **kwargs)
  File "/opt/local/openstack/trove/2014.1.a103.gb214e9e/lib/python2.7/site-packages/trove/extensions/mysql/service.py", line 93, in create
    raise exception.BadRequest(msg=str(e))
BadRequest: The server could not comply with the request since it is either malformed or otherwise incorrect.

Changed in trove:
assignee:	Riddhi (ridhi-j-shah) → nobody
status:	New → Fix Committed

Michael Basnight (hubcap) on 2014-01-17

Changed in trove:
status:	Fix Committed → Triaged
milestone:	2013.2 → icehouse-3

Sushil Kumar (sushil-kumar2) on 2014-01-17

Changed in trove:
assignee:	nobody → Sushil Kumar (sushil-kumar2)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-01-17: Fix proposed to trove (master)

Fix proposed to branch: master
Review: https://review.openstack.org/67566

Changed in trove:
status:	Triaged → In Progress

Nikhil Manchanda (slicknik) on 2014-03-04

Changed in trove:
milestone:	icehouse-3 → next
milestone:	next → icehouse-rc1

Michael Basnight (hubcap) on 2014-03-18

Changed in trove:
importance:	Critical → Medium
milestone:	icehouse-rc1 → next

Nikhil Manchanda (slicknik) on 2014-04-05

Changed in trove:
milestone:	next → juno-1

Revision history for this message

Nikhil Manchanda (slicknik) wrote on 2014-06-09:

Sushil: Any updates on this?

Changed in trove:
milestone:	juno-1 → juno-2

Nikhil Manchanda (slicknik) on 2014-07-16

Changed in trove:
milestone:	juno-2 → juno-3

Nikhil Manchanda (slicknik) on 2014-08-27

Changed in trove:
milestone:	juno-3 → next

Revision history for this message

Amrith Kumar (amrith) wrote on 2014-10-23:

Updating importance to "Low" (bugscrub, 2014-10-23)

Changed in trove:
importance:	Medium → Low

Amrith Kumar (amrith) on 2016-04-05

Changed in trove:
status:	In Progress → Confirmed
assignee:	Sushil Kumar (sushil-kumar2) → nobody

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.