Magnum

Unexpected response from new microversioned API

Bug #1659431 reported by Jason Dunsmore
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Magnum
Fix Released
Medium
Vijendar Komalla

Bug Description

Update: This issue can be reproduced with any new APIs that enforce micro-version (for example /stats API and /quotas API)

Since the microversion for the "PATCH /certificates/{cluster_id}" API was introduced in a65ef7d3c, it has been necessary to pass the OpenStack-API-Version header on the initial request to any certificates API for a particular cluster. There may be a bug in the way microversions are handled in Magnum.

Example:

$ . /etc/sysconfig/heat-params
$ auth_json=$(cat << EOF
> {
> "auth": {
> "identity": {
> "methods": [
> "password"
> ],
> "password": {
> "user": {
> "id": "$TRUSTEE_USER_ID",
> "password": "$TRUSTEE_PASSWORD"
> }
> }
> },
> "scope": {
> "OS-TRUST:trust": {
> "id": "$TRUST_ID"
> }
> }
> }
> }
> EOF
> )
$ AUTH_URL=${AUTH_URL/v2.0/v3}
$ content_type='Content-Type: application/json'
$ url="$AUTH_URL/auth/tokens"
$ USER_TOKEN=`curl -k -s -i -X POST -H "$content_type" -d "$auth_json" $url \
> | grep X-Subject-Token | awk '{print $2}' | tr -d '[[:space:]]'`
$ curl -k -X GET \
> -H "X-Auth-Token: $USER_TOKEN" \
> $MAGNUM_URL/certificates/$CLUSTER_UUID
{"errors": [{"status": 406, "code": "", "links": [], "title": "", "detail": "", "request_id": ""}]}

The "GET /certificates/{cluster_id}" API has no explicit microversion, so "container-infra 1.1" should be implied. If a client doesn't specify a microversion, the default used is 1.1. So we shouldn't have recieved a 406.

If we send a microversion, that request and every subsequent request (no matter the microversion sent) results in a 200 OK.

Works with microversion:

$ curl -k -X GET -H "OpenStack-API-Version: container-infra latest" -H "X-Auth-Token: $USER_TOKEN" $MAGNUM_URL/certificates/$CLUSTER_UUID
{"cluster_uuid": "52bf1b29-cfdd-405d-9d29-3a3b0532070c", "pem": "-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIQA+cbWZ7FQWGg0mmVbDxd/jANBgkqhkiG9w0BAQsFADAX\nMRUwEwYDVQQDDAxrOHMtY2x1c3RlcjMwHhcNMTcwMTI0MjIwODQwWhcNMjIwMTI0\nMjIwODQwWjAXMRUwEwYDVQQDDAxrOHMtY2x1c3RlcjMwggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDgOxLaxFpJGNxlU9ZZRCMGJPaAV6khF0uW3JFjO0xC\nnnSYuKk6NyNQo3gNLNR0kms+bsPMkocV1d9DT8qDUbrqynR/VjJm97vUMMAMpVow\njVef3FTxTFZWYs6J2eifyq3JD/dlTTG0PvNBcdAOYAV2FdSZdXXDAsLE88gXxLhs\npuHFJAqfxivG04woGCPPX268atBc+Uo9QIDb6Ea2AsBVs/zl/x23sOwwImkPVizS\nIaEyZ2HSFzTFbmhClRCG83cDvAg6E58n819Gh6APpoM2NFo8O8CISZIW2fZWQ0Z2\nB47VrFYKsngDwtIuqtLxOdsx62N6vHbfX68RhFalYI0RAgMBAAGjJjAkMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IB\nAQCgMCcYmibBomwx1DbFIqXuRWGdy1lZr2nKODwQPQFnc/E7UCoJOCBjJjZoISUq\nZRT/Kb59kKpV8YY/O0cgzA+gs3OCZ6yqo3X7xqSF/zpZ0fcz7feBLFRRFbGtz5L3\nqGQlhYEU61zSmuNjH9EROvVJomgWHAJq2DFFEPinpOqiu40FsQ2kHtFFN9JuERhy\nYAftJYQ4LjAvGczPPhXPGwx5QsF6yj6kkJ73QR3jDTq3h0WFsOfslMduSljITobl\nT8KtyWawxZgjn9rC0GiIvW7U8GhAM9cR5OMKa+a8AdkpbXCC8UF0IL7GYWnzZqec\nsGDci56UQkjvTQZ5Bp3lkNwU\n-----END CERTIFICATE-----\n", "bay_uuid": "52bf1b29-cfdd-405d-9d29-3a3b0532070c", "links": [{"href": "http://65.61.144.174:9511/v1/certificates/52bf1b29-cfdd-405d-9d29-3a3b0532070c", "rel": "self"}, {"href": "http://65.61.144.174:9511/certificates/52bf1b29-cfdd-405d-9d29-3a3b0532070c", "rel": "bookmark"}]}

But now it works without the microversion too:

$ curl -k -X GET -H "X-Auth-Token: $USER_TOKEN" $MAGNUM_URL/certificates/$CLUSTER_UUID
{"cluster_uuid": "52bf1b29-cfdd-405d-9d29-3a3b0532070c", "pem": "-----BEGIN CERTIFICATE-----\nMIIC3jCCAcagAwIBAgIQA+cbWZ7FQWGg0mmVbDxd/jANBgkqhkiG9w0BAQsFADAX\nMRUwEwYDVQQDDAxrOHMtY2x1c3RlcjMwHhcNMTcwMTI0MjIwODQwWhcNMjIwMTI0\nMjIwODQwWjAXMRUwEwYDVQQDDAxrOHMtY2x1c3RlcjMwggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQDgOxLaxFpJGNxlU9ZZRCMGJPaAV6khF0uW3JFjO0xC\nnnSYuKk6NyNQo3gNLNR0kms+bsPMkocV1d9DT8qDUbrqynR/VjJm97vUMMAMpVow\njVef3FTxTFZWYs6J2eifyq3JD/dlTTG0PvNBcdAOYAV2FdSZdXXDAsLE88gXxLhs\npuHFJAqfxivG04woGCPPX268atBc+Uo9QIDb6Ea2AsBVs/zl/x23sOwwImkPVizS\nIaEyZ2HSFzTFbmhClRCG83cDvAg6E58n819Gh6APpoM2NFo8O8CISZIW2fZWQ0Z2\nB47VrFYKsngDwtIuqtLxOdsx62N6vHbfX68RhFalYI0RAgMBAAGjJjAkMBIGA1Ud\nEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IB\nAQCgMCcYmibBomwx1DbFIqXuRWGdy1lZr2nKODwQPQFnc/E7UCoJOCBjJjZoISUq\nZRT/Kb59kKpV8YY/O0cgzA+gs3OCZ6yqo3X7xqSF/zpZ0fcz7feBLFRRFbGtz5L3\nqGQlhYEU61zSmuNjH9EROvVJomgWHAJq2DFFEPinpOqiu40FsQ2kHtFFN9JuERhy\nYAftJYQ4LjAvGczPPhXPGwx5QsF6yj6kkJ73QR3jDTq3h0WFsOfslMduSljITobl\nT8KtyWawxZgjn9rC0GiIvW7U8GhAM9cR5OMKa+a8AdkpbXCC8UF0IL7GYWnzZqec\nsGDci56UQkjvTQZ5Bp3lkNwU\n-----END CERTIFICATE-----\n", "bay_uuid": "52bf1b29-cfdd-405d-9d29-3a3b0532070c", "links": [{"href": "http://65.61.144.174:9511/v1/certificates/52bf1b29-cfdd-405d-9d29-3a3b0532070c", "rel": "self"}, {"href": "http://65.61.144.174:9511/certificates/52bf1b29-cfdd-405d-9d29-3a3b0532070c", "rel": "bookmark"}]}

See original description
Adrian Otto (aotto)
Changed in magnum:
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → Jason Dunsmore (jasondunsmore)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to magnum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/427907

Changed in magnum:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/431210

Changed in magnum:
assignee: Jason Dunsmore (jasondunsmore) → Vijendar Komalla (vijendar-komalla)
Vijendar Komalla (vijendar-komalla)
summary: - Unexpected response from microversioned API
+ Unexpected response from new microversioned API
Vijendar Komalla (vijendar-komalla)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to magnum (master)

Reviewed: https://review.openstack.org/431210
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=221846c437d9c5f5913cbf0022a943b485f003e5
Submitter: Jenkins
Branch: master

commit 221846c437d9c5f5913cbf0022a943b485f003e5
Author: Vijendar Komalla <email address hidden>
Date: Wed Feb 8 16:37:14 2017 -0600

    Don't enforce microversion for stats API

    Due to bug in microversion logic, adding any new microversioned
    API would mandate OpenStack-API-Version header in the request.
    This change is to avoid microversion enforcement until the
    bug in microversioning is fixed.
    Please note that, this issue is only seen when no version
    header is sent to the controller the first time and also
    this bug can not be reproduced by magnum CLI since it sends
    the latest version header by default.

    Change-Id: I9a576e048846e930c62fb55584b125585137fcfd
    Partial-Bug: #1659431

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/427907
Committed: https://git.openstack.org/cgit/openstack/magnum/commit/?id=c6ad21ea0a87ac91d10ec2298a7dc0583660769a
Submitter: Jenkins
Branch: master

commit c6ad21ea0a87ac91d10ec2298a7dc0583660769a
Author: Jason Dunsmore <email address hidden>
Date: Wed Feb 1 14:28:51 2017 -0600

    Don't enforce microversion for rotate CA cert API

    Enforcing microversion 1.5 for the certificates PATCH endpoint
    (rotating a CA cert) was not necessary because it is a new endpoint
    and not a change to an existing endpoint. The absence of an
    implementation for prior microversions of this endpoint was causing
    unexpected behavior.

    Change-Id: I33240d6b325843972a6f05d1c93c94b82752d32f
    Partial-Bug: #1659431

Revision history for this message
Spyros Trigazis (strigazi) wrote :

We can close this since the fix is merged.

Changed in magnum:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.