Bug 1978155 - Designate DNS – it’s possible to create blacklist using invalid patterns
Summary: Designate DNS – it’s possible to create blacklist using invalid patterns
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-designate
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ga
: 17.0
Assignee: Don Kehn
QA Contact: Toni Freger
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-07-01 08:35 UTC by Arkady Shtempler
Modified: 2022-09-21 12:16 UTC (History)
6 users (show)

Fixed In Version: openstack-designate-12.0.2-0.20220614212615.f255747.el9ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-09-21 12:16:04 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1934252 0 None None None 2021-07-01 08:35:19 UTC
OpenStack gerrit 825682 0 None master: MERGED designate: Checks for invalid denylist regex patterns (I2b69025fc11125bb73a4e0f8c0dedad951399cbf) 2022-06-13 19:37:06 UTC
OpenStack gerrit 827248 0 None stable/wallaby: MERGED designate: Checks for invalid denylist regex patterns (I2b69025fc11125bb73a4e0f8c0dedad951399cbf) 2022-06-13 19:37:11 UTC
Red Hat Issue Tracker OSP-5693 0 None None None 2021-11-23 16:14:15 UTC
Red Hat Product Errata RHEA-2022:6543 0 None None None 2022-09-21 12:16:45 UTC

Description Arkady Shtempler 2021-07-01 08:35:20 UTC 
Scenario:
Create blacklist using string that cannot be used either as a regex or as a zone name, for example: 
patterns = ['', '#(*&^%$%$#@$']


Empty pattern console result:
2021-07-01 10:36:29,649 770881 INFO     [tempest.lib.common.rest_client] Request (BlacklistsAdminTest:test_create_blacklist_invalid_pattern): 201 POST http://10.35.64.8/dns/v2/blacklists 0.216s
2021-07-01 10:36:29,650 770881 DEBUG    [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: {"pattern": "", "description": "tempest-2122752535"}
    Response - Headers: {'date': 'Thu, 01 Jul 2021 07:36:29 GMT', 'server': 'Apache/2.4.41 (Ubuntu)', 'location': 'http://10.35.64.8/dns/v2/blacklists/81759d14-1aa4-4395-b4da-0e9f8e024044', 'content-length': '257', 'x-openstack-request-id': 'req-5bbf9f42-6903-4bbe-b670-92860217864d', 'connection': 'close', 'content-type': 'application/json', 'status': '201', 'content-location': 'http://10.35.64.8/dns/v2/blacklists'}
        Body: b'{"id": "81759d14-1aa4-4395-b4da-0e9f8e024044", "pattern": "", "description": "tempest-2122752535", "created_at": "2021-07-01T07:36:30.000000", "updated_at": null, "links": {"self": "http://10.35.64.8/dns/v2/blacklists/81759d14-1aa4-4395-b4da-0e9f8e024044"}}'
}}}

Invalid string (#(*&^%$%$#@$") console result:
2021-07-01 10:32:32,316 770535 INFO     [tempest.lib.common.rest_client] Request (BlacklistsAdminTest:test_create_blacklist_invalid_pattern): 201 POST http://10.35.64.8/dns/v2/blacklists 0.037s
2021-07-01 10:32:32,317 770535 DEBUG    [tempest.lib.common.rest_client] Request - Headers: {'Content-Type': 'application/json', 'Accept': 'application/json', 'X-Auth-Token': '<omitted>'}
        Body: {"pattern": "#(*&^%$%$#@$", "description": "tempest-374346852"}
    Response - Headers: {'date': 'Thu, 01 Jul 2021 07:32:32 GMT', 'server': 'Apache/2.4.41 (Ubuntu)', 'location': 'http://10.35.64.8/dns/v2/blacklists/4527e92e-f6f9-438a-917b-7478a2c02e0c', 'content-length': '268', 'x-openstack-request-id': 'req-2f6969a4-5cce-417b-80f2-509e42128499', 'connection': 'close', 'content-type': 'application/json', 'status': '201', 'content-location': 'http://10.35.64.8/dns/v2/blacklists'}
        Body: b'{"id": "4527e92e-f6f9-438a-917b-7478a2c02e0c", "pattern": "#(*&^%$%$#@$", "description": "tempest-374346852", "created_at": "2021-07-01T07:32:32.000000", "updated_at": null, "links": {"self": "http://10.35.64.8/dns/v2/blacklists/4527e92e-f6f9-438a-917b-7478a2c02e0c"}}'

Actual Result:
Blacklist is successfully created

Expected result:
400 BadRequest
Comment 11 errata-xmlrpc 2022-09-21 12:16:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543
Note You need to log in before you can comment on or make changes to this bug.