[Yahoo-eng-team] [Bug 1695861] Re: Invalid availability zone name with ':' is accepted
Reviewed: https://review.openstack.org/490722 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=38b25397e805dcf7a995666049713304fe4f1af1 Submitter: Jenkins Branch:master commit 38b25397e805dcf7a995666049713304fe4f1af1 Author: Tetsuro Nakamura Date: Fri Aug 4 11:29:00 2017 +0900 fix nova accepting invalid availability zone name with ':' Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the aggregate API accepts requests which have availability zone names including ':'. This patch checks the availabilty zone name when aggregate is created or updated and raises an error if it contains ':'. Change-Id: I9b0d8e8d4b3ab2cb3d578c22fa259e0e7c0d325b Closes-Bug: #1695861 ** Changed in: nova Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1695861 Title: Invalid availability zone name with ':' is accepted Status in OpenStack Compute (nova): Fix Released Status in OpenStack Compute (nova) ocata series: Confirmed Status in OpenStack Compute (nova) pike series: Confirmed Bug description: According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario: 1. An admin creates a host aggregate with availability_zone = bad:name:example 2. An admin tries to create a server with availability_zone = bad:name:example 3. The nova-api parse the request and split the availability_zone value with ':' 4. Then it recognizes az=bad, host=name, node=example 5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'. To solve this problem following fixes are needed: Option A: * Do not allow admins to create a host aggregate whose availability_zone name including ':'. * Document this specification. Option B: * Deprecate the legacy admin hack which uses az:host:node and allow ':' for az name. [1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1695861/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1695861] Re: Invalid availability zone name with ':' is accepted
** Also affects: nova/pike Importance: Undecided Status: New ** Also affects: nova/ocata Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1695861 Title: Invalid availability zone name with ':' is accepted Status in OpenStack Compute (nova): In Progress Status in OpenStack Compute (nova) ocata series: Confirmed Status in OpenStack Compute (nova) pike series: Confirmed Bug description: According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario: 1. An admin creates a host aggregate with availability_zone = bad:name:example 2. An admin tries to create a server with availability_zone = bad:name:example 3. The nova-api parse the request and split the availability_zone value with ':' 4. Then it recognizes az=bad, host=name, node=example 5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'. To solve this problem following fixes are needed: Option A: * Do not allow admins to create a host aggregate whose availability_zone name including ':'. * Document this specification. Option B: * Deprecate the legacy admin hack which uses az:host:node and allow ':' for az name. [1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1695861/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1695861] Re: Invalid availability zone name with ':' is accepted
** No longer affects: nova/ocata -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1695861 Title: Invalid availability zone name with ':' is accepted Status in OpenStack Compute (nova): In Progress Bug description: According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario: 1. An admin creates a host aggregate with availability_zone = bad:name:example 2. An admin tries to create a server with availability_zone = bad:name:example 3. The nova-api parse the request and split the availability_zone value with ':' 4. Then it recognizes az=bad, host=name, node=example 5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'. To solve this problem following fixes are needed: Option A: * Do not allow admins to create a host aggregate whose availability_zone name including ':'. * Document this specification. Option B: * Deprecate the legacy admin hack which uses az:host:node and allow ':' for az name. [1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1695861/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1695861] Re: Invalid availability zone name with ':' is accepted
** Changed in: nova Importance: Undecided => Medium ** Also affects: nova/ocata Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1695861 Title: Invalid availability zone name with ':' is accepted Status in OpenStack Compute (nova): In Progress Status in OpenStack Compute (nova) ocata series: New Bug description: According to the parse_availability_zone() of the API class [1], Nova has a legacy hack to allow admins to specify hosts via an availability zone using az:host:node. That means ':' cannot be included in the name of an availability zone itself. However, the create aggregate API accepts requests which have availability zone names including ':'. That causes a following bad scenario: 1. An admin creates a host aggregate with availability_zone = bad:name:example 2. An admin tries to create a server with availability_zone = bad:name:example 3. The nova-api parse the request and split the availability_zone value with ':' 4. Then it recognizes az=bad, host=name, node=example 5. Nova returns 'No valid host found' because there is no availability zone whose name is 'bad'. To solve this problem following fixes are needed: Option A: * Do not allow admins to create a host aggregate whose availability_zone name including ':'. * Document this specification. Option B: * Deprecate the legacy admin hack which uses az:host:node and allow ':' for az name. [1] https://review.openstack.org/gitweb?p=openstack/nova.git;a=blob;f=nova/compute/api.py;h=46ed8e91fcc16f3755fd6a5e2e4a6d54f990cb8b;hb=HEAD#l561 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1695861/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
