Trove API Validation Disallows Wildcards in User Host

Bug #1199197 reported by Auston McReynolds on 2013-07-09
This bug affects 1 person
Affects: OpenStack DBaaS (Trove)
Importance: Low
Assigned to: Unassigned

Bug Description

[Description]

https://github.com/openstack/trove/commit/4419cb1c035e430607492dbf066b463b8323d1d5#L2R125

The user's host is validated against the non_empty_string_pattern, which is defined as:

non_empty_string = {
    "type": "string",
    "minLength": 1,
    "maxLength": 255,
    "pattern": "^.*[0-9a-zA-Z]+.*$"
}

Previous to this commit, the --host flag was optional (it would conveniently default to '%'). This behavior has been broken, as well as the ability to include wildcards (via % and _).

Per http://dev.mysql.com/doc/refman/5.5/en/account-names.html, '%' and '_' are valid wildcard characters and host_ip/netmask is also an accepted format.

Note: If it was decided that defaulting the host was in poor taste, then the CLI should enforce the host argument (to be consistent) (see https://github.com/openstack/python-troveclient/blob/4ddb58ce9e609df3c0ac4be555f19643ef0511cc/troveclient/cli.py#L159)

[Example]

$ trove-cli user create --id 4a91d343-38bd-4a24-a0b4-942336f1ed03 --name myuser --password myuser --databases mydb --host % --verbose

...

BODY: {
    "users": [
        {
            "databases": [
                {
                    "name": "mydb"
                }
            ],
            "host": "%",
            "name": "myuser",
            "password": "myuser"
        }
    ]
}

RESPONSE HEADERS: {'date': 'Tue, 09 Jul 2013 01:04:29 GMT', 'status': '400', 'content-length': '102', 'content-type': 'application/json; charset=UTF-8'}
RESPONSE BODY : {
    "badRequest": {
        "code": 400,
        "message": "Validation error: u'%' does not match '^.*[0-9a-zA-Z]+.*$'"
    }
}
Validation error: u'%' does not match '^.*[0-9a-zA-Z]+.*$' (HTTP 400)
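
The mismatch described in the report, as an added example that is not part of the original bug report or of Trove's code: it runs the quoted non_empty_string pattern over constructed host values and compares the result with a hypothetical allow-list. The names `is_valid_mysql_host` and `HOST_CHARS`, and the 60-character limit, are assumptions made for illustration.

```python
import re

# Pattern quoted in the bug description (non_empty_string in the API schema).
NON_EMPTY_STRING = re.compile(r"^.*[0-9a-zA-Z]+.*$")

# Hypothetical allow-list: host name or IP characters plus the MySQL
# wildcards '%' and '_', optionally followed by /netmask (dotted quad).
HOST_CHARS = re.compile(r"[0-9A-Za-z.:%_-]+(/\d{1,3}(\.\d{1,3}){3})?")
MAX_HOST_LEN = 60  # assumption: width of the Host column in MySQL 5.5


def schema_accepts(value):
    """True when the value passes the non_empty_string pattern."""
    return NON_EMPTY_STRING.search(value) is not None


def is_valid_mysql_host(value):
    """Hypothetical API-side check that permits wildcards but not quoting."""
    return 0 < len(value) <= MAX_HOST_LEN and HOST_CHARS.fullmatch(value) is not None


# Constructed sample hosts; only '%' and '%.com' appear in the report.
SAMPLES = ["%", "_", "%.com", "192.168.1.%", "10.0.0.0/255.255.255.0",
           "localhost", "db'host", "a b;c"]


def compare(samples=SAMPLES):
    """Return {host: (schema result, allow-list result)} for each sample."""
    return {h: (schema_accepts(h), is_valid_mysql_host(h)) for h in samples}


if __name__ == "__main__":
    for host, (old, new) in compare().items():
        print(f"{host!r:28} non_empty_string={old!s:5} allow_list={new}")
```

The quoted pattern rejects the pure wildcard hosts while passing values that contain quote or separator characters, so it is no substitute for a host-specific check at the API layer.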

description: updated
Changed in trove:
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Riddhi (ridhi-j-shah)
milestone: none → havana-2
Auston McReynolds (amcrn) wrote :

It looks like there was existing validation for the host in MySQLUser (See https://github.com/openstack/trove/blob/master/trove/guestagent/db/models.py#L350)

I imagine that once the regexps in trove/common/apischema.py are fixed for password + host + user, that is_valid + is_valid_user + is_valid_host_name are semi-redundant.

If you want to take it a step further, you could also take a look at MySQLDatabase and fix the inconsistencies there (ex: name has a check for > 64 chars, yet apischema.py permits 255, charset checks, etc.)

Justin Hopper (justin-hopper) wrote :

Riddhi,

There was no judgement (re: defaulting was poor taste) on my part. I may have just decided to make it a non-empty-string and given there were no existing tests that failed otherwise, left it at that.

Auston - the validation in guestagent does not get invoked until the request hits the specific guestagent instance which is long after the end-user request returns. Some of those validations may need to be pulled up into the api service.

Reviewed: https://review.openstack.org/36331
Committed: http://github.com/openstack/trove/commit/74eede8e807c49c7ecd69b80c8648f85a8660f89
Submitter: Jenkins
Branch: master

commit 74eede8e807c49c7ecd69b80c8648f85a8660f89
Author: Riddhi Shah <email address hidden>
Date: Tue Jul 9 14:53:15 2013 -0500

    Wildcards in User Host

    This bug-fix allows wildcards to be used for user host via
    providing ability to use '%' and '_'.

    Change-Id: Ife752b0efb7ac67754a705b599eb9a68f9978dee
    Fixes: bug #1199197

Changed in trove:
status: Confirmed → Fix Committed
Thierry Carrez (ttx) on 2013-07-17
Changed in trove:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-18
Changed in trove:
milestone: havana-2 → 2013.2
Auston McReynolds (amcrn) wrote :

The patch allows '%' as a host, but more complex examples do not work:

$ trove user-create 45f6bc02-0d84-46e1-83e6-db7f3f064677 newuser mypass --host '%.com'
ERROR: The server could not comply with the request since it is either malformed or otherwise incorrect.

REQ: curl -i http://IP:8779/v1.0/549d075f78c045e984bb03e62f6ba91c/instances/45f6bc02-0d84-46e1-83e6-db7f3f064677/users -X POST -H "X-Auth-Project-Id: admin" -H "User-Agent: python-troveclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: REDACTED" -d '{"users": [{"host": "%.com", "password": "mypass", "name": "newuser", "databases": []}]}'

Per http://dev.mysql.com/doc/refman/5.5/en/account-names.html, this should work.

Changed in trove:
status: Fix Released → New
Auston McReynolds (amcrn) wrote :

  File "/opt/local/openstack/trove/2014.1.a103.gb214e9e/lib/python2.7/site-packages/trove/common/wsgi.py", line 323, in execute_action
    **action_args)
  File "/opt/local/openstack/trove/2014.1.a103.gb214e9e/lib/python2.7/site-packages/trove/openstack/common/wsgi.py", line 395, in execute_action
    return self.dispatch(self.controller, action, request, **action_args)
  File "/opt/local/openstack/trove/2014.1.a103.gb214e9e/lib/python2.7/site-packages/trove/openstack/common/wsgi.py", line 404, in dispatch
    return method(*args, **kwargs)
  File "/opt/local/openstack/trove/2014.1.a103.gb214e9e/lib/python2.7/site-packages/trove/extensions/mysql/service.py", line 93, in create
    raise exception.BadRequest(msg=str(e))
BadRequest: The server could not comply with the request since it is either malformed or otherwise incorrect.

Changed in trove:
assignee: Riddhi (ridhi-j-shah) → nobody
status: New → Fix Committed
Changed in trove:
status: Fix Committed → Triaged
milestone: 2013.2 → icehouse-3
Changed in trove:
assignee: nobody → Sushil Kumar (sushil-kumar2)

Fix proposed to branch: master
Review: https://review.openstack.org/67566

Changed in trove:
status: Triaged → In Progress
Changed in trove:
milestone: icehouse-3 → next
milestone: next → icehouse-rc1
Changed in trove:
importance: Critical → Medium
milestone: icehouse-rc1 → next
Changed in trove:
milestone: next → juno-1
Nikhil Manchanda (slicknik) wrote :

Sushil: Any updates on this?

Changed in trove:
milestone: juno-1 → juno-2
Changed in trove:
milestone: juno-2 → juno-3
Changed in trove:
milestone: juno-3 → next
Amrith Kumar (amrith) wrote :

Updating importance to "Low" (bugscrub, 2014-10-23)

Changed in trove:
importance: Medium → Low
Amrith Kumar (amrith) on 2016-04-05
Changed in trove:
status: In Progress → Confirmed
assignee: Sushil Kumar (sushil-kumar2) → nobody