python-mistralclient

mistralclient sends too big header

Bug #1702324 reported by Boris Bobrov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
python-mistralclient
In Progress
Undecided
Andras Kovi

Bug Description

On line 195 of https://git.openstack.org/cgit/openstack/python-mistralclient/tree/mistralclient/api/httpclient.py?id=d4d41137ac30f168cf64671706e788077a375a7e#n195 mistralclient retrieves service catalog and sends it in X-Target-Service-Catalog header.

It doesn't always work. Service catalog can be big. For example, citycloud's service catalog is 31kb. Most HTTP servers limit the size of the headers they accept. Apache limits the size of the headers to 8kb: https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize . Nginx limits to 4kb.

Also, generally, i don't think it is a good idea to pass large values in headers.
Also, service catalog can be retrieved on the server if a token and url to identity service is present.

See original description
Revision history for this message
Boris Bobrov (bbobrov) wrote :

This bug came out of discussion in https://review.openstack.org/#/c/455174/56/mistralclient/api/httpclient.py . So there might be a need in this header.

description: updated
Revision history for this message
Andras Kovi (akovi) wrote :

This is a duplicate for https://bugs.launchpad.net/mistral/+bug/1699248.

With Keystone V2 authentication the service catalog can be retrieved only by re-authenticating with password or admin credentials. With targeted executions this is not possible; therefore, the client must send the values to the server.

As a simple solution, the client could split the value into several small headers and the server could reassemble it. We know that this is not a perfect solution but let's hope that KV2 support can go away in about a year and we can get rid of this solution altogether.

Renat Akhmerov (rakhmerov)
Changed in python-mistralclient:
assignee: nobody → Andras Kovi (akovi)
Andras Kovi (akovi)
Changed in python-mistralclient:
status: New → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.