Bug 1901385 - [OSP13] Nova API does not reject requests for 'os-aggregates' with invalid IDs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: z14
: 13.0 (Queens)
Assignee: Stephen Finucane
QA Contact: OSP DFG:Compute
URL:
Whiteboard:
Depends On: 1902224 1902225
Blocks:
Reported: 2020-11-25 02:00 UTC by David Sedgmen
Modified: 2023-12-15 20:12 UTC (History)

Fixed In Version: openstack-nova-17.0.13-31.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1902224 (view as bug list)
Environment:
Last Closed: 2021-03-18 13:09:23 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1865040 0 None None None 2020-11-27 12:13:12 UTC
OpenStack gerrit 764310 0 None NEW Validate id as integer for os-aggregates 2021-02-16 21:38:19 UTC
Red Hat Issue Tracker OSP-30910 0 None None None 2023-12-15 20:12:24 UTC
Red Hat Knowledge Base (Solution) 5600121 0 None None None 2020-11-25 05:32:07 UTC
Red Hat Product Errata RHBA-2021:0932 0 None None None 2021-03-18 13:10:34 UTC

Description David Sedgmen 2020-11-25 02:00:06 UTC
Description of problem:
Nova API ignores aggregate names that start with numbers if any aggregate ID matches the numbers.
For example, an 'openstack show aggregate 8test' returns the aggregate with the ID 8 and not the aggregate 8test.


Version-Release number of selected component (if applicable):
RHOSP 13 z13

How reproducible:
Every time

Steps to Reproduce:
1. Create an aggregate whose name starts with the ID of another aggregate

Actual results:

openstack aggregate show 8test
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:28:01.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 8                          |
| name              | 5to3-test                  |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+

Expected results:
openstack aggregate show 8test
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:32:00.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 14                         |
| name              | 8test                      |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+

Additional info:
This seems to be caused because, when you access the API with a name, the API returns a 404 and then a second call is made that retrieves a list of aggregates.

But if this name starts with a number, the API seems to slurp the number and ignore the rest of the text.
If this number contains a valid ID, it returns the results.

If there is no aggregate that matches the number, it returns the results as expected.

~~~
REQ: curl -g -i -X GET https://overcloud.redhat.local:13774/v2.1/os-aggregates/8test -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}b795ba2b399ceb203b43554464bb42071e61cce2"
Starting new HTTPS connection (1): overcloud.redhat.local
https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates/8test HTTP/1.1" 200 159
RESP: [200] Date: Wed, 25 Nov 2020 01:32:10 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version,Accept-Encoding x-openstack-request-id: req-4c597909-3469-4389-99a5-fd022f32290f x-compute-request-id: req-4c597909-3469-4389-99a5-fd022f32290f Content-Encoding: gzip Content-Length: 159 Content-Type: application/json 
RESP BODY: {"aggregate": {"name": "5to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:28:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 8, "metadata": {}}}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates/8test used request id req-4c597909-3469-4389-99a5-fd022f32290f
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:28:01.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 8                          |
| name              | 5to3-test                  |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+
clean_up ShowAggregate: 
END return value: 0
~~~

~~~
REQ: curl -g -i -X GET https://overcloud.redhat.local:13774/v2.1/os-aggregates/test -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}29711e93fbc3ad59efb61dbcb5223669a39a8dc0"
Starting new HTTPS connection (1): overcloud.redhat.local
https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates/test HTTP/1.1" 404 80
RESP: [404] Date: Wed, 25 Nov 2020 01:34:09 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version x-openstack-request-id: req-e0b7a956-a23e-4e7c-a432-dc4a3a5b7951 x-compute-request-id: req-e0b7a956-a23e-4e7c-a432-dc4a3a5b7951 Content-Length: 80 Content-Type: application/json; charset=UTF-8 
RESP BODY: {"itemNotFound": {"message": "Aggregate test could not be found.", "code": 404}}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates/test used request id req-e0b7a956-a23e-4e7c-a432-dc4a3a5b7951
REQ: curl -g -i -X GET https://overcloud.redhat.local:13774/v2.1/os-aggregates -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}29711e93fbc3ad59efb61dbcb5223669a39a8dc0"
https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates HTTP/1.1" 200 221
RESP: [200] Date: Wed, 25 Nov 2020 01:34:09 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version,Accept-Encoding x-openstack-request-id: req-555691d2-8dc8-4110-b740-68a18f8bf992 x-compute-request-id: req-555691d2-8dc8-4110-b740-68a18f8bf992 Content-Encoding: gzip Content-Length: 221 Content-Type: application/json 
RESP BODY: {"aggregates": [{"name": "1to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:27:43.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 2, "metadata": {}}, {"name": "2to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:27:53.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 5, "metadata": {}}, {"name": "5to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:28:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 8, "metadata": {}}, {"name": "8and3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:31:10.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 11, "metadata": {}}, {"name": "8test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:32:00.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 14, "metadata": {}}, {"name": "test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:34:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 17, "metadata": {}}]}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates used request id req-555691d2-8dc8-4110-b740-68a18f8bf992
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:34:01.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 17                         |
| name              | test                       |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+
clean_up ShowAggregate: 
END return value: 0



https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates/7test HTTP/1.1" 404 81
RESP: [404] Date: Wed, 25 Nov 2020 01:58:49 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version x-openstack-request-id: req-870c502b-45c5-46ec-b27e-85fc7bfbdb5c x-compute-request-id: req-870c502b-45c5-46ec-b27e-85fc7bfbdb5c Content-Length: 81 Content-Type: application/json; charset=UTF-8 
RESP BODY: {"itemNotFound": {"message": "Aggregate 7test could not be found.", "code": 404}}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates/7test used request id req-870c502b-45c5-46ec-b27e-85fc7bfbdb5c
REQ: curl -g -i -X GET https://overcloud.redhat.local:13774/v2.1/os-aggregates -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}6e695b5426a9bcd86f7d34520ba8b92e23db817b"
https://overcloud.redhat.local:13774 "GET /v2.1/os-aggregates HTTP/1.1" 200 236
RESP: [200] Date: Wed, 25 Nov 2020 01:58:50 GMT Server: Apache OpenStack-API-Version: compute 2.1 X-OpenStack-Nova-API-Version: 2.1 Vary: OpenStack-API-Version,X-OpenStack-Nova-API-Version,Accept-Encoding x-openstack-request-id: req-1704be8a-5032-446c-8f3e-250cf3f3ab3b x-compute-request-id: req-1704be8a-5032-446c-8f3e-250cf3f3ab3b Content-Encoding: gzip Content-Length: 236 Content-Type: application/json 
RESP BODY: {"aggregates": [{"name": "1to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:27:43.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 2, "metadata": {}}, {"name": "2to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:27:53.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 5, "metadata": {}}, {"name": "5to3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:28:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 8, "metadata": {}}, {"name": "8and3-test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:31:10.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 11, "metadata": {}}, {"name": "8test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:32:00.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 14, "metadata": {}}, {"name": "test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:34:01.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 17, "metadata": {}}, {"name": "7test", "availability_zone": null, "deleted": false, "created_at": "2020-11-25T01:58:31.000000", "updated_at": null, "hosts": [], "deleted_at": null, "id": 20, "metadata": {}}]}

GET call to compute for https://overcloud.redhat.local:13774/v2.1/os-aggregates used request id req-1704be8a-5032-446c-8f3e-250cf3f3ab3b
+-------------------+----------------------------+
| Field             | Value                      |
+-------------------+----------------------------+
| availability_zone | None                       |
| created_at        | 2020-11-25T01:58:31.000000 |
| deleted           | False                      |
| deleted_at        | None                       |
| hosts             | []                         |
| id                | 20                         |
| name              | 7test                      |
| properties        |                            |
| updated_at        | None                       |
+-------------------+----------------------------+
clean_up ShowAggregate: 
END return value: 0
~~~

Comment 1 smooney 2020-11-26 17:45:17 UTC
The os-aggregates API does not support doing a show by name.

https://docs.openstack.org/api-ref/compute/?expanded=show-aggregate-details-detail#show-aggregate-details

show call: GET /os-aggregates/{aggregate_id}

where aggregate_id is the ID.

The list endpoint supports filtering via the name query arg:

/os-aggregates

https://docs.openstack.org/api-ref/compute/?expanded=list-aggregates-detail#list-aggregates

So GET /os-aggregates?name=7test is valid, but

GET /os-aggregates/7test is not a valid API call.

GET /v2.1/os-aggregates/7test should actually be returning a 400 Bad Request

instead of a 404, but openstack show aggregate 8test is not a valid command.

So there is a bug in that the nova API is not returning a 400 for the invalid request. There is also another bug:

the openstack client suggests that aggregate can be the name or ID.

usage: openstack aggregate show [-h] [-f {json,shell,table,value,yaml}]
                                [-c COLUMN] [--noindent] [--prefix PREFIX]
                                [--max-width <integer>] [--fit-width]
                                [--print-empty]
                                <aggregate>

Display aggregate details

positional arguments:
  <aggregate>           Aggregate to display (name or ID)


To support that, osc should be validating the input and determining if it's an int or a name.
It should then call the list endpoint with the name query arg.

So really this is an openstack client bug with a hardening opportunity at the openstack API level.

Updating the component to reflect that.

Comment 2 Stephen Finucane 2020-11-27 12:13:14 UTC
OSC supports the use of names in operations like 'foo show' or 'foo list' by first making a request to the server's detail API with the provided string and, if the server rejects that query, making a second request to the server's list API. nova should be rejecting the former but isn't. We could harden OSC but this is a clear nova bug, first and foremost.

Comment 3 smooney 2020-11-27 12:27:41 UTC
Well, the nova bug would be not rejecting the request with a 400 initially,
which we can do, but it's also an osc issue since osc is not passing the name query arg when it calls the list endpoint "GET /v2.1/os-aggregates HTTP/1.1".
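
The failure mode discussed in Comments 1 to 3, as an added example (not code from nova, python-openstackclient, or the bug's participants): a detail handler that accepts a numeric prefix as the ID, next to one that rejects anything but a whole integer with 400, and the client's show-then-list fallback run against both. The function names, the in-memory `AGGREGATES` table (constructed from the list output in the report) and the prefix-matching stand-in for the observed server behaviour are assumptions.

```python
import re

# Constructed sample data, taken from the aggregate list shown in the report.
AGGREGATES = {8: "5to3-test", 14: "8test", 17: "test", 20: "7test"}

_ID_RE = re.compile(r"[0-9]+")  # ASCII digits only


def lenient_show(raw_id):
    """Stand-in (assumption) for the reported behaviour: leading digits are
    used as the ID and the rest of the string is silently ignored."""
    m = _ID_RE.match(raw_id)            # prefix match: "8test" -> "8"
    agg_id = int(m.group()) if m else None
    if agg_id in AGGREGATES:
        return 200, {"id": agg_id, "name": AGGREGATES[agg_id]}
    return 404, None


def strict_show(raw_id):
    """Hardened handler: the whole path segment must be an integer,
    otherwise the request is rejected with 400 before any lookup."""
    if not _ID_RE.fullmatch(raw_id):    # also rejects " 8", "+8", "1_0"
        return 400, None
    agg_id = int(raw_id)
    if agg_id in AGGREGATES:
        return 200, {"id": agg_id, "name": AGGREGATES[agg_id]}
    return 404, None


def client_resolve(show, ident):
    """Client flow from Comment 2: try the detail call first and fall back
    to the list call, matching the name exactly, only if it is rejected."""
    status, agg = show(ident)
    if status == 200:
        return agg
    matches = [{"id": i, "name": n} for i, n in AGGREGATES.items() if n == ident]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    for show in (lenient_show, strict_show):
        print(show.__name__, show("8test")[0], client_resolve(show, "8test"))
```

A bare `int()` call is not a sufficient check in the strict handler, because Python's `int()` accepts surrounding whitespace, a sign and underscore separators.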

Comment 14 errata-xmlrpc 2021-03-18 13:09:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 13.0 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0932

