Bug 1901385

Summary: [OSP13] Nova API does not reject requests for 'os-aggregates' with invalid IDs
Product: Red Hat OpenStack
Reporter: David Sedgmen <dsedgmen>
Component: openstack-nova
Assignee: Stephen Finucane <stephenfin>
Status: CLOSED ERRATA
QA Contact: OSP DFG:Compute <osp-dfg-compute>
Severity: medium
Priority: low
Version: 13.0 (Queens)
CC: apevec, dasmith, eglynn, jhakimra, jpichon, kchamart, lhh, sbauza, sgordon, smooney, stephenfin, vromanso
Target Milestone: z14
Keywords: Triaged, ZStream
Target Release: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-nova-17.0.13-31.el7ost
Clone Of:
: 1902224
Last Closed: 2021-03-18 13:09:23 UTC
Type: Bug
Bug Depends On: 1902224, 1902225

Description David Sedgmen 2020-11-25 02:00:06 UTC
Description of problem:
Nova API ignores aggregate names that start with numbers if any aggregate ID matches the numbers.
For example, an 'openstack show aggregate 8test' returns the aggregate with the ID 8 and not the aggregate 8test.


Version-Release number of selected component (if applicable):
RHOSP 13 z13

How reproducible:
Every time

Steps to Reproduce:
1. create aggregate that starts with the id of another aggregate

Actual results:

~~~
openstack aggregate show 8test
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:28:01.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 8                          |
| name              | 5to3-test                  |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+
~~~

Expected results:
~~~
openstack aggregate show 8test
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:32:00.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 14                         |
| name              | 8test                      |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+
~~~

Additional info:
This seems to be caused because when you access the API with a name the API returns a 404 and then a second call is made that retrieves a list of aggregates.

But if this name starts with a number, the API seems to slurp the number and ignore the rest of the text.
If this number contains a valid ID it returns the results.

If there is no aggregate that matches the number it returns the results as expected.

~~~
REQ: curl -g -i -X GET https://overcloud.redhat.local:13774/v2.1/os-aggregates/8test -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}b795ba2b399ceb203b43554464bb42071e61cce2"
Starting new HTTPS connection (1): overcloud.redhat.local
https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates/8test HTTP/1.1" 200 159
RESP: [200] Date: Wed, 25 Nov 2020 01:32:10 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version,Accept-Encoding x-openstack-request-id: req-4c597909-3469-4389-99a5-fd022f32290f x-compute-request-id: req-4c597909-3469-4389-99a5-fd022f32290f Content-Encoding: gzip Content-Length: 159 Content-Type: application/json 
RESP BODY: {"aggregate": {"name": "5to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:28:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 8, "metadata": {}}}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates/8test used request id req-4c597909-3469-4389-99a5-fd022f32290f
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:28:01.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 8                          |
| name              | 5to3-test                  |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+
clean_up ShowAggregate: 
END return value: 0
~~~

~~~
REQ: curl -g -i -X GET https://overcloud.redhat.local:13774/v2.1/os-aggregates/test -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}29711e93fbc3ad59efb61dbcb5223669a39a8dc0"
Starting new HTTPS connection (1): overcloud.redhat.local
https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates/test HTTP/1.1" 404 80
RESP: [404] Date: Wed, 25 Nov 2020 01:34:09 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version x-openstack-request-id: req-e0b7a956-a23e-4e7c-a432-dc4a3a5b7951 x-compute-request-id: req-e0b7a956-a23e-4e7c-a432-dc4a3a5b7951 Content-Length: 80 Content-Type: application/json; charset=UTF-8 
RESP BODY: {"itemNotFound": {"message": "Aggregate test could not be found.", "code": 404}}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates/test used request id req-e0b7a956-a23e-4e7c-a432-dc4a3a5b7951
REQ: curl -g -i -X GET https://overcloud.redhat.local:13774/v2.1/os-aggregates -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}29711e93fbc3ad59efb61dbcb5223669a39a8dc0"
https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates HTTP/1.1" 200 221
RESP: [200] Date: Wed, 25 Nov 2020 01:34:09 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version,Accept-Encoding x-openstack-request-id: req-555691d2-8dc8-4110-b740-68a18f8bf992 x-compute-request-id: req-555691d2-8dc8-4110-b740-68a18f8bf992 Content-Encoding: gzip Content-Length: 221 Content-Type: application/json 
RESP BODY: {"aggregates": [{"name": "1to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:27:43.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 2, "metadata": {}}, {"name": "2to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:27:53.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 5, "metadata": {}}, {"name": "5to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:28:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 8, "metadata": {}}, {"name": "8and3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:31:10.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 11, "metadata": {}}, {"name": "8test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:32:00.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 14, "metadata": {}}, {"name": "test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:34:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 17, "metadata": {}}]}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates used request id req-555691d2-8dc8-4110-b740-68a18f8bf992
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:34:01.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 17                         |
| name              | test                       |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+
clean_up ShowAggregate: 
END return value: 0



https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates/7test HTTP/1.1" 404 81
RESP: [404] Date: Wed, 25 Nov 2020 01:58:49 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version x-openstack-request-id: req-870c502b-45c5-46ec-b27e-85fc7bfbdb5c x-compute-request-id: req-870c502b-45c5-46ec-b27e-85fc7bfbdb5c Content-Length: 81 Content-Type: application/json; charset=UTF-8 
RESP BODY: {"itemNotFound": {"message": "Aggregate 7test could not be found.", "code": 404}}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates/7test used request id req-870c502b-45c5-46ec-b27e-85fc7bfbdb5c
REQ: curl -g -i -X GET https://overcloud.redhat.local:13774/v2.1/os-aggregates -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}6e695b5426a9bcd86f7d34520ba8b92e23db817b"
https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates HTTP/1.1" 200 236
RESP: [200] Date: Wed, 25 Nov 2020 01:58:50 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version,Accept-Encoding x-openstack-request-id: req-1704be8a-5032-446c-8f3e-250cf3f3ab3b x-compute-request-id: req-1704be8a-5032-446c-8f3e-250cf3f3ab3b Content-Encoding: gzip Content-Length: 236 Content-Type: application/json 
RESP BODY: {"aggregates": [{"name": "1to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:27:43.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 2, "metadata": {}}, {"name": "2to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:27:53.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 5, "metadata": {}}, {"name": "5to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:28:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 8, "metadata": {}}, {"name": "8and3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:31:10.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 11, "metadata": {}}, {"name": "8test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:32:00.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 14, "metadata": {}}, {"name": "test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:34:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 17, "metadata": {}}, {"name": "7test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:58:31.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 20, "metadata": {}}]}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates used request id req-1704be8a-5032-446c-8f3e-250cf3f3ab3b
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:58:31.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 20                         |
| name              | 7test                      |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+
clean_up ShowAggregate: 
END return value: 0
~~~

Comment 1 smooney 2020-11-26 17:45:17 UTC
the os-aggregates api does not support doing a show by name

https://docs.openstack.org/api-ref/compute/?expanded=show-aggregate-details-detail#show-aggregate-details

show call GET /os-aggregates/{aggregate_id} 

where aggregate_id is the id

the list endpoint supports filtering via the name query arg

/os-aggregates

https://docs.openstack.org/api-ref/compute/?expanded=list-aggregates-detail#list-aggregates

so GET /os-aggregates?name=7test is valid but

GET /os-aggregates/7test is not a valid api call.

GET /v2.1/os-aggregates/7test should actually be returning a 400 badrequest

instead of a 404 but openstack show aggregate 8test is not a valid command.

so there is a bug in that the nova api is not returning a 400 for the invalid request there is also another bug

the openstack client suggests that aggregate can be the name or id

~~~
usage: openstack aggregate show [-h] [-f {json,shell,table,value,yaml}]
                                [-c COLUMN] [--noindent] [--prefix PREFIX]
                                [--max-width <integer>] [--fit-width]
                                [--print-empty]
                                <aggregate>

Display aggregate details

positional arguments:
  <aggregate>           Aggregate to display (name or ID)
~~~


to support that osc should be validating the input and determine if it's an int or a name
it should then call the list endpoint with the name query arg.

so really this is an openstack client bug with a hardening opportunity at the openstack api level.

updating the component to reflect that.

Comment 2 Stephen Finucane 2020-11-27 12:13:14 UTC
OSC supports the use of names in operations like 'foo show' or 'foo list' by first making a request to the server's detail API with the provided string and, if the server rejects that query, making a second request to the server's list API. nova should be rejecting the former but isn't. We could harden OSC but this is a clear nova bug, first and foremost.

Comment 3 smooney 2020-11-27 12:27:41 UTC
well the nova bug would be not rejecting the request with a 400 initially
which we can do but it's also an osc issue since osc is not passing the name query arg when it calls the list endpoint "GET /v2.1/os-aggregates HTTP/1.1"
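
The lookup flow discussed in Comments 1 to 3, as an added example that is not code from nova or python-openstackclient: a server that keeps only the leading digits of the path segment beside one that rejects anything that is not entirely an integer, with a client that falls back to the name-filtered list call. All function names are hypothetical; the aggregate table is constructed from the list response quoted in the description.

```python
import re

# Constructed sample data, taken from the aggregate list in the report.
AGGREGATES = {2: "1to3-test", 5: "2to3-test", 8: "5to3-test",
              11: "8and3-test", 14: "8test", 17: "test", 20: "7test"}

# ASCII digits only. int() alone would also accept " 8", "+8", "8_0"
# and non-ASCII digits, so the whole segment is matched first.
_ID_RE = re.compile(r"[0-9]+")


def lenient_id(raw):
    """Model of the reported behaviour: keep leading digits, drop the rest."""
    m = _ID_RE.match(raw)
    return int(m.group()) if m else None


def strict_id(raw):
    """Accept the path segment only if it is entirely decimal digits."""
    return int(raw) if _ID_RE.fullmatch(raw) else None


def show_aggregate(raw, strict):
    """Hypothetical handler for GET /os-aggregates/{aggregate_id}."""
    agg_id = strict_id(raw) if strict else lenient_id(raw)
    if agg_id is None:
        # Strict mode answers 400 for a malformed ID; lenient mode 404.
        return (400 if strict else 404), None
    if agg_id not in AGGREGATES:
        return 404, None
    return 200, {"id": agg_id, "name": AGGREGATES[agg_id]}


def list_aggregates(name=None):
    """Hypothetical handler for GET /os-aggregates with a name filter."""
    return [{"id": i, "name": n} for i, n in AGGREGATES.items()
            if name is None or n == name]


def client_show(name_or_id, strict):
    """Client lookup: detail call first, then the name-filtered list."""
    status, body = show_aggregate(name_or_id, strict)
    if status == 200:
        return body  # a wrong 200 is trusted and the fallback never runs
    matches = list_aggregates(name=name_or_id)
    return matches[0] if len(matches) == 1 else None
```

With the lenient server, `client_show("8test", strict=False)` returns aggregate 8 (`5to3-test`) as in the report; with the strict server the detail call is rejected and the fallback returns aggregate 14 (`8test`).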

Comment 14 errata-xmlrpc 2021-03-18 13:09:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 13.0 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0932