1467317 – [aodh] No validation check for 'query' params of alarm type 'event'

Bug 1467317 - [aodh] No validation check for 'query' params of alarm type 'event'

Summary: [aodh] No validation check for 'query' params of alarm type 'event'

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-aodh
Sub Component:
Version:	10.0 (Newton)
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	Upstream M3
Target Release:	14.0 (Rocky)
Assignee:	Vinay Kapalavai
QA Contact:	Sasha Smolyak
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-07-03 11:34 UTC by Sachin
Modified:	2020-08-13 09:33 UTC (History)
CC List:	9 users (show)
Fixed In Version:	openstack-aodh-6.0.1-0.20180726125805.958c61e.el7ost
Doc Type:	Bug Fix
Doc Text:	With this update, the aodh service now validates event type input queries. Prior to this update, input queries were not validated. An invalid input query could result in the failure to issue an alarm.
Clone Of:
Environment:
Last Closed:	2019-01-11 11:47:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
OpenStack gerrit	579240	0	None	None	None	2018-07-13 14:14:36 UTC
Red Hat Product Errata	RHEA-2019:0045	0	None	None	None	2019-01-11 11:48:28 UTC

Description Sachin 2017-07-03 11:34:23 UTC

Description of problem:


Following error message in /var/log/aodh/listener.log when event of type "compute.instance.power_on.*" or "compute.instance.power_off.*"
~~~
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event [-] Failed to evaluate alarm (id=cf5cc083-e26f-4f46-9c89-c14384fbc1fd) triggered by event = {u'event_type': u'compute.instance.power_off.start', u'traits': [[u'state', 1, u'active'], [u'user_id', 1, u'3135a4d6ee88496e8349fe31b7c4531c'], [u'service', 1, u'compute'], [u'disk_gb', 2, 20], [u'instance_type', 1, u'm1.small'], [u'tenant_id', 1, u'd29ece8f67244b6daa1b9e6dcd694d29'], [u'root_gb', 2, 20], [u'ephemeral_gb', 2, 0], [u'instance_type_id', 2, 2], [u'vcpus', 2, 1], [u'memory_mb', 2, 2048], [u'instance_id', 1, u'18e78bfd-0261-4fec-8629-389e50a281f5'], [u'host', 1, u'osp10.localdomain'], [u'request_id', 1, u'req-e6675564-770c-4b02-b5bb-7aa3dd06c983'], [u'project_id', 1, u'd29ece8f67244b6daa1b9e6dcd694d29'], [u'launched_at', 4, u'2017-05-23T07:00:51']], u'message_signature': u'45440456165bf24b335e7105652b2aa677cccb0b060537ee071c1229a687c852', u'raw': {}, u'generated': u'2017-07-03T11:23:15.806567', u'message_id': u'1154659f-eb85-4691-b332-8344e292171b'}.
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event Traceback (most recent call last):
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event   File "/usr/lib/python2.7/site-packages/aodh/evaluator/event.py", line 178, in evaluate_events
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event     self._evaluate_alarm(alarm, event)
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event   File "/usr/lib/python2.7/site-packages/aodh/evaluator/event.py", line 241, in _evaluate_alarm
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event     if not _compare(condition):
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event   File "/usr/lib/python2.7/site-packages/aodh/evaluator/event.py", line 238, in _compare
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event     return condition['op'](v, condition['value'])
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event TypeError: 'unicode' object is not callable
2017-07-03 07:23:15.897 2570 ERROR aodh.evaluator.event 
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event [-] Failed to evaluate alarm (id=cf5cc083-e26f-4f46-9c89-c14384fbc1fd) triggered by event = {u'event_type': u'compute.instance.power_off.end', u'traits': [[u'state', 1, u'stopped'], [u'user_id', 1, u'3135a4d6ee88496e8349fe31b7c4531c'], [u'service', 1, u'compute'], [u'disk_gb', 2, 20], [u'instance_type', 1, u'm1.small'], [u'tenant_id', 1, u'd29ece8f67244b6daa1b9e6dcd694d29'], [u'root_gb', 2, 20], [u'ephemeral_gb', 2, 0], [u'instance_type_id', 2, 2], [u'vcpus', 2, 1], [u'memory_mb', 2, 2048], [u'instance_id', 1, u'18e78bfd-0261-4fec-8629-389e50a281f5'], [u'host', 1, u'osp10.localdomain'], [u'request_id', 1, u'req-e6675564-770c-4b02-b5bb-7aa3dd06c983'], [u'project_id', 1, u'd29ece8f67244b6daa1b9e6dcd694d29'], [u'launched_at', 4, u'2017-05-23T07:00:51']], u'message_signature': u'a813a999675be3e974f1370beafca89495cc131f855d9eefc43362da6020df4d', u'raw': {}, u'generated': u'2017-07-03T11:23:18.921098', u'message_id': u'97a9dcfa-1ada-430b-a518-1f9c18f0f67e'}.
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event Traceback (most recent call last):
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event   File "/usr/lib/python2.7/site-packages/aodh/evaluator/event.py", line 178, in evaluate_events
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event     self._evaluate_alarm(alarm, event)
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event   File "/usr/lib/python2.7/site-packages/aodh/evaluator/event.py", line 241, in _evaluate_alarm
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event     if not _compare(condition):
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event   File "/usr/lib/python2.7/site-packages/aodh/evaluator/event.py", line 238, in _compare
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event     return condition['op'](v, condition['value'])
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event TypeError: 'unicode' object is not callable
2017-07-03 07:23:18.932 2570 ERROR aodh.evaluator.event 
~~~


Version-Release number of selected component (if applicable):
~~~
[root@osp10 ~]# rpm -qa | grep aodh
openstack-aodh-notifier-3.0.1-6.el7ost.noarch
python-aodhclient-0.7.0-1.el7ost.noarch
openstack-aodh-evaluator-3.0.1-6.el7ost.noarch
openstack-aodh-common-3.0.1-6.el7ost.noarch
openstack-aodh-api-3.0.1-6.el7ost.noarch
puppet-aodh-9.5.0-1.el7ost.noarch
python-aodh-3.0.1-6.el7ost.noarch
openstack-aodh-listener-3.0.1-6.el7ost.noarch
~~~

How reproducible:
Always


Steps to Reproduce:
1. Create aodh alarm of type event
~~~
aodh --debug alarm create \
	   --type event \
	   --name instance_off \
	   --description 'event_instance_power_off' \
	   --enable True \
	   --event-type "compute.instance.power_off.*" \
	   --alarm-action 'log://' \
	   --ok-action 'log://' \
	   --insufficient-data-action 'log://' \
	   --query --query '{"=": {"id": "aodh --debug alarm create \
	   --type event \
	   --name instance_on \
	   --description 'event_instance_power_off' \
	   --enable True \
	   --event-type "compute.instance.power_off.*" \
	   --alarm-action 'log://' \
	   --ok-action 'log://' \
	   --insufficient-data-action 'log://' \
	   --query --query '{"=": {"id": "bb912729-fa51-443b-bac6-bf4c795f081d"}}' \
           --resource-type instance

~~~

2. Shutdown instance
~~~
openstack server stop 18e78bfd-0261-4fec-8629-389e50a281f5
~~~

Actual results:
Throws error


Expected results:
Should trigger alarm

Additional info:

Comment 2 Julien Danjou 2017-07-03 15:07:28 UTC

Your query is in the wrong format, and it seems there is not validation in Aodh API, sigh.

Check the documentation for the proper format. It's:

https://github.com/openstack/aodh/blob/master/doc/source/event-alarm.rst#usage

Leaving the bug opened as it's a bug not validating the entry.

Comment 3 Sachin 2017-07-15 07:10:33 UTC

@Julien Thanks. The docs was useful

Following query worked!
~~~
aodh --debug alarm create \
	 --type event \
	 --name instance_off \
	 --description 'event_instance_power_off' \
	 --event-type "compute.instance.power_off.*" \
	 --enable True \
	 --query "traits.instance_id=string::bb912729-fa51-443b-bac6-f4c795f081d" \
	 --alarm-action 'log://' \
	 --ok-action 'log://' \
	 --insufficient-data-action 'log://' \
	 --resource-type instance
~~~

Changing bug title

Comment 12 Sasha Smolyak 2018-10-31 09:57:17 UTC

Input:
aodh --debug alarm create \
	 --type event \
	 --name instance_off \
	 --description 'event_instance_power_off' \
	 --event-type "compute.instance.power_off.*" \
	 --enable True \
	 --query  '{"=": {"id": "bb912729-fa51-443b-bac6-bf4c795f081d"}}' \
	 --alarm-action 'log://' \
	 --ok-action 'log://' \
	 --insufficient-data-action 'log://' \
	 --resource-type instance
Output:
aodhclient.exceptions.BadRequest: Query value or traits invalid: does not match regular expression for dictionary value @ data['field'] (HTTP 400)

Input: 
aodh --debug alarm create \
	 --type event \
	 --name instance_off \
	 --description 'event_instance_power_off' \
	 --event-type "compute.instance.power_off.*" \
	 --enable True \
	 --query  "traits.instance_id=string::bb912729-fa51-443b-bac6-f4c795f081d" \
	 --alarm-action 'log://' \
	 --ok-action 'log://' \
	 --insufficient-data-action 'log://' \
	 --resource-type instance
Output:
a built alarm

Verified

Comment 14 errata-xmlrpc 2019-01-11 11:47:34 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:0045

Note You need to log in before you can comment on or make changes to this bug.