MAAS API calls with an empty POST envelope fails

Bug #1916757 reported by Alexandre Erwin Ittner
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
MAAS
Triaged
Medium
Unassigned
3.3
Triaged
Medium
Unassigned

Bug Description

Any MAAS API call using with a POST method sending a valid, but empty, post "envelope" of multipart/form-data in its body will fail, even if no body data is required for that particular call. Note that there are no actual fields in the form-encoded data, just the empty boundaries.

This envelope can be added automatically by generic client HTTP libraries and is also by libpython3-maas.

On failures, MAAS returns no error: request just times out.

Follows transcriptions of failing and working HTTP requests running against an production MAAS 2.9.2 (9164-g.ac176b5c4). There are also unmodified tcpdump captures of both of them attached. Is *not* possible to "replay" these requests for testing, however, as the API keys used were added only for the test and already removed.

Failing request, using with by python-libmaas as client library/abstraction layer.

POST /MAAS/api/2.0/machines/ryrfeb/?op=release HTTP/1.1
Host: 10.228.68.5:5240
User-Agent: Python-urllib/3.8
Content-Type: multipart/form-data; boundary="===============3556993604024216494=="
Mime-Version: 1.0
Content-Length: 82
Authorization: OAuth oauth_nonce="146966075862726036601614173740", oauth_timestamp="1614173740", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="MpwT8pwxVTqELehyea", oauth_token="q7kzPjbrX93PfCtHu2", oauth_signature="%266gb8eQ7qFtPuQqnDqREPfb9EZu4ybsgq"
Accept-Encoding: gzip
Connection: close

--===============3556993604024216494==

--===============3556993604024216494==--

Working request generated with python-requests (no abstraction layer).

POST /MAAS/api/2.0/machines/ryrfeb/?op=release HTTP/1.1
Host: 10.228.68.5:5240
User-Agent: python-requests/2.25.1
Accept-Encoding: gzip, deflate
Connection: keep-alive
Content-Length: 0
Authorization: OAuth oauth_nonce="162269732045930448861614173158", oauth_timestamp="1614173158", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="MpwT8pwxVTqELehyea", oauth_token="q7kzPjbrX93PfCtHu2", oauth_signature="%266gb8eQ7qFtPuQqnDqREPfb9EZu4ybsgq"

HTTP/1.1 200 OK
Server: TwistedWeb/18.9.0
Date: Wed, 24 Feb 2021 13:25:58 GMT
Content-Type: application/json; charset=utf-8
Vary: Authorization, Cookie, Accept-Encoding
X-Maas-Api-Hash: 815b645be0437854a58b51e2d1deb0f27266dd8e
X-Frame-Options: SAMEORIGIN
Content-Length: 2654
Content-Encoding: gzip

(... returned data removed ...)

Revision history for this message
Alexandre Erwin Ittner (aittner) wrote :
Revision history for this message
Alexandre Erwin Ittner (aittner) wrote :
Changed in maas:
status: New → Triaged
Changed in maas:
importance: Undecided → Medium
milestone: none → 3.3.0
Changed in maas:
milestone: 3.3.0 → 3.4.0
Alberto Donato (ack)
Changed in maas:
milestone: 3.4.0 → 3.4.x
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.