OpenStack Heat

Invalid metadata reference not validated

Bug #1338811 reported by Steven Hardy on 2014-07-07

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Heat	Fix Released	Low	Angus Salkeld	OpenStack Heat next
	Juno	Fix Released	Undecided	Unassigned	OpenStack Heat 2014.2.4

Bug Description

heat_template_version: 2013-05-23

resources:
  instance:
    type: OS::Nova::Server
    #metadata: {'random': {get_attr: [random, value]}}
    metadata: {get_attr: [random, value]}
    properties:
      image: cirros-0.3.2-x86_64-disk
      flavor: m1.small
      key_name: stack_key

random:
type: OS::Heat::RandomString

If the (invalid) uncommented line is used, it passes validation, but then some time later the resource fails to store silently and the resource creation fails in an obscure way:

2014-07-07 23:29:06.452 TRACE heat.engine.resource File "/opt/stack/python-novaclient/novaclient/v1_1/servers.py", line 871, in create
2014-07-07 23:29:06.452 TRACE heat.engine.resource **boot_kwargs)
2014-07-07 23:29:06.452 TRACE heat.engine.resource File "/opt/stack/python-novaclient/novaclient/v1_1/servers.py", line 534, in _boot
2014-07-07 23:29:06.452 TRACE heat.engine.resource return_raw=return_raw, **kwargs)
2014-07-07 23:29:06.452 TRACE heat.engine.resource File "/opt/stack/python-novaclient/novaclient/base.py", line 152, in _create
2014-07-07 23:29:06.452 TRACE heat.engine.resource _resp, body = self.api.client.post(url, body=body)
2014-07-07 23:29:06.452 TRACE heat.engine.resource File "/opt/stack/python-novaclient/novaclient/client.py", line 286, in post
2014-07-07 23:29:06.452 TRACE heat.engine.resource return self._cs_request(url, 'POST', **kwargs)
2014-07-07 23:29:06.452 TRACE heat.engine.resource File "/opt/stack/python-novaclient/novaclient/client.py", line 260, in _cs_request
2014-07-07 23:29:06.452 TRACE heat.engine.resource **kwargs)
2014-07-07 23:29:06.452 TRACE heat.engine.resource File "/opt/stack/python-novaclient/novaclient/client.py", line 242, in _time_request
2014-07-07 23:29:06.452 TRACE heat.engine.resource resp, body = self.request(url, method, **kwargs)
2014-07-07 23:29:06.452 TRACE heat.engine.resource File "/opt/stack/python-novaclient/novaclient/client.py", line 236, in request
2014-07-07 23:29:06.452 TRACE heat.engine.resource raise exceptions.from_response(resp, body, url, method)
2014-07-07 23:29:06.452 TRACE heat.engine.resource BadRequest: Server name is not a string or unicode (HTTP 400) (Request-ID: req-cd388f26-5fbb-4364-85b0-bec49f1588ba)
2014-07-07 23:29:06.452 TRACE heat.engine.resource

Tags:

Angus Salkeld (asalkeld) on 2014-08-27

Changed in heat:
assignee:	nobody → Angus Salkeld (asalkeld)
importance:	Undecided → Low
status:	New → Triaged

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-27: Fix proposed to heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/117076

Changed in heat:
status:	Triaged → In Progress

Steven Hardy (shardy) on 2014-09-09

Changed in heat:
milestone:	none → juno-rc1

Zane Bitter (zaneb) on 2014-09-26

Changed in heat:
milestone:	juno-rc1 → next

Steven Hardy (shardy) on 2014-10-22

tags:

added: juno-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-28: Fix merged to heat (master)

Reviewed: https://review.openstack.org/117076
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=22df43e2f1e4dd6050e61f0808e6970b0cb05dac
Submitter: Jenkins
Branch: master

commit 22df43e2f1e4dd6050e61f0808e6970b0cb05dac
Author: Angus Salkeld <email address hidden>
Date: Mon Oct 27 10:23:33 2014 +1000

Validate nova server's metadata

This prevents "foo" getting passed into the metadata.
This can happen when using get_attr() to return a dynamic value.

Change-Id: I17eab659e65a51963e510add4d71fbc90a3a3a53
Closes-bug: #1338811

Changed in heat:
status:	In Progress → Fix Committed

Steve Baker (steve-stevebaker) on 2015-10-07

Changed in heat:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-12: Fix proposed to heat (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/244430

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-11-12: Fix merged to heat (stable/juno)

Reviewed: https://review.openstack.org/244430
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=c5555a449dfa569df81ca699203ec83a22b1141d
Submitter: Jenkins
Branch: stable/juno

commit c5555a449dfa569df81ca699203ec83a22b1141d
Author: Angus Salkeld <email address hidden>
Date: Mon Oct 27 10:23:33 2014 +1000

Validate nova server's metadata

This prevents "foo" getting passed into the metadata.
This can happen when using get_attr() to return a dynamic value.

    Change-Id: I17eab659e65a51963e510add4d71fbc90a3a3a53
    Closes-bug: #1338811
    (cherry picked from commit 22df43e2f1e4dd6050e61f0808e6970b0cb05dac)

tags:

added: in-stable-juno

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.