yahoo-eng-team team mailing list archive
Message #36581
[Bug 1480191] Re: User can send 'request-id' from headers to glance api
This is as designed, not a bug. If there are attack vectors like possibly
long IDs we should fix them, but not break our API.
** Changed in: glance
Status: In Progress => Opinion
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1480191
Title:
User can send 'request-id' from headers to glance api
Status in Glance:
Opinion
Bug description:
User can send 'X-Openstack-Request-Id' headers while calling any glance api.
Glance uses this 'X-Openstack-Request-Id' sent from headers for logging and also adds same request-id in response headers.
User can send any value (long string) as 'X-Openstack-Request-Id' header to glance service,
because of this log file can get filled with invalid (or long) request-ids.
IMO glance should not take 'request-id' sent from user, it should
always create its own (valid) 'request-id'.
1. curl command to send 'X-Openstack-Request-Id' header image-list api:
$ curl -g -i -X GET -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' \
  -H 'Connection: keep-alive' -H 'X-Auth-Token: 63282e92e8e64be2a89587cfaada3554' \
  -H 'X-Openstack-Request-Id: testing--aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa123456' \
  http://10.69.4.173:9292/v2/images?limit=1
HTTP/1.1 200 OK
Content-Length: 856
Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-testing--aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa123456
Date: Fri, 31 Jul 2015 07:13:39 GMT
Connection: keep-alive
{"images": [{"status": "active", "name": "cirros-0.3.4-x86_64-uec",
"tags": [], "kernel_id": "a03839e1-95db-459c-97d0-711daab55550",
"container_format": "ami", "created_at": "2015-07-31T07:01:03Z",
"ramdisk_id": "90c59147-1afe-4ede-b1da-435ab1ef98f6", "disk_format":
"ami", "updated_at": "2015-07-31T07:01:04Z", "visibility": "public",
"self": "/v2/images/26b712f3-22a9-45fb-aa8f-f9851d55e71d", "min_disk":
0, "protected": false, "id": "26b712f3-22a9-45fb-aa8f-f9851d55e71d",
"size": 25165824, "file": "/v2/images/26b712f3-22a9-45fb-aa8f-f9851d55e71d/file",
"checksum": "eb9139e4942121f22bbc2afc0400b2a4",
"owner": "632960b4c18c4257bb404d0047be922c", "virtual_size": null,
"min_ram": 0, "schema": "/v2/schemas/image"}], "next":
"/v2/images?marker=26b712f3-22a9-45fb-aa8f-f9851d55e71d&limit=1",
"schema": "/v2/schemas/images", "first": "/v2/images?limit=1"}
2. glance-api service logs:
2015-07-31 00:13:39.612 DEBUG oslo_policy.policy [testing--aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa123456 bd66b0b7b1c04d738cd5d79c5619fd2d 0d0dc11c6b1649068eb4c4068791a602] Reloaded policy file: /etc/glance/policy.json from (pid=27225) _load_policy_file /usr/local/lib/python2.7/dist-packages/oslo_policy/policy.py:436
2015-07-31 00:13:39.613 DEBUG oslo_policy.policy [testing--aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa123456 bd66b0b7b1c04d738cd5d79c5619fd2d 0d0dc11c6b1649068eb4c4068791a602] Reloaded policy file: /etc/glance/policy.json from (pid=27225) _load_policy_file /usr/local/lib/python2.7/dist-packages/oslo_policy/policy.py:436
2015-07-31 00:13:39.652 INFO eventlet.wsgi.server [testing--aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa123456 bd66b0b7b1c04d738cd5d79c5619fd2d 0d0dc11c6b1649068eb4c4068791a602] 10.69.4.173 - - [31/Jul/2015 00:13:39] "GET /v2/images?limit=1 HTTP/1.1" 200 1161 0.042854
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1480191/+subscriptions
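
One way to keep accepting a client-supplied 'X-Openstack-Request-Id' while bounding what reaches the logs and the response header, as an added example (not code from Glance, oslo or this thread). The length cap, the allowed alphabet, the class name and the `request_id` environ key are assumptions.

```python
import re
import uuid

HEADER_ENV = "HTTP_X_OPENSTACK_REQUEST_ID"  # WSGI key for X-Openstack-Request-Id
MAX_LEN = 64                                # assumed cap, not a Glance setting
SAFE = re.compile(r"[A-Za-z0-9._-]+")       # assumed alphabet: no spaces or control chars


def normalize_request_id(client_value):
    """Return (request_id, accepted).

    A short, well-formed client value is kept (with the 'req-' prefix the
    response in the report shows); anything else is replaced by a
    server-generated ID, so the request itself is never rejected.
    """
    if client_value and len(client_value) <= MAX_LEN and SAFE.fullmatch(client_value):
        if client_value.startswith("req-"):
            return client_value, True
        return "req-" + client_value, True
    return "req-" + str(uuid.uuid4()), False


class RequestIdGuard:
    """Hypothetical WSGI middleware applying normalize_request_id()."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        rid, _accepted = normalize_request_id(environ.get(HEADER_ENV))
        environ["request_id"] = rid  # hypothetical key read by downstream logging

        def guarded_start(status, headers, exc_info=None):
            # Drop any request-id header set downstream, then echo the bounded one.
            headers = [(k, v) for k, v in headers
                       if k.lower() != "x-openstack-request-id"]
            headers.append(("X-Openstack-Request-Id", rid))
            return start_response(status, headers, exc_info)

        return self.app(environ, guarded_start)


if __name__ == "__main__":
    # Constructed sample shaped like the header value in the report.
    sample = "testing--" + "a" * 104 + "123456"
    print(normalize_request_id(sample))         # replaced by a generated ID
    print(normalize_request_id("testing-123"))  # kept, prefixed with 'req-'
```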