-
Bug
-
Resolution: Done
-
High
-
Casablanca Maintenance Release
-
None
In the url definitions in
/opt/ocata/ocata/proxy/urls.py and /opt/ocata/ocata/proxy/urlsV1.py (I think this is the one been used)
there is the definition
urlpatterns = [
- url(r'^identity/v2)$',
- identityV2.Tokens.as_view()),
...
url(r'dns-delegate/(?P<requri>[0-9a-zA-Z./_-]*)$',
dnsaasdelegate.DnsaasDelegate.as_view()),
url(r'^(?P<servicetype>[0-9a-zA-Z_-]{,18})/(?P<requri>[0-9a-zA-Z./_-]*)$',
services.Services.as_view()),
]
I think the problem is that this is too generic and is been picked up for the wrong requests to the ocata adapter. I think that having the / in the requri sectionis dangerous espically when there is no prefix at the start e.g. like the dns-delegate on the previous line
this was picked up for the request /api/multicloud-ocata/v1/CloudOwner/regionOne/infra_workload/b4013d57-408e-4a7d-a322-65869c598408/ which then fails due to an autentication problem with the error
2019-02-07 09:05:36|||||newton_base.proxy.services||140497298118464||has_permission||DEBUG||HasValidToken--has_permission::META> {'wsgi.multiprocess': True, 'SCRIPT_NAME': u'', 'REQUEST_METHOD': 'GET', 'UWSGI_ROUTER': 'http', 'SERVER_PROTOCOL': 'HTTP/1.1', 'QUERY_STRING': '', 'HTTP_USER_AGENT': 'curl/7.52.1', 'SERVER_NAME': 'dev-multicloud-multicloud-ocata-5f88958986-xh7sw', 'REMOTE_ADDR': '127.0.0.1', 'wsgi.url_scheme': 'http', 'SERVER_PORT': '9006', 'uwsgi.node': 'dev-multicloud-multicloud-ocata-5f88958986-xh7sw', 'wsgi.input': <uwsgi._Input object at 0x7fc801f98888>, 'HTTP_HOST': 'localhost:9006', 'wsgi.multithread': False, 'REQUEST_URI': '/api/multicloud-ocata/v1/CloudOwner/regionOne/infra_workload/b4013d57-408e-4a7d-a322-65869c598408', 'HTTP_ACCEPT': '/', 'wsgi.version': (1, 0), 'wsgi.run_once': False, 'wsgi.errors': <open file 'wsgi_errors', mode 'w' at 0x7fc802ddbae0>, 'REMOTE_PORT': '62607', 'uwsgi.version': '2.0.17.1', 'wsgi.file_wrapper': <built-in function uwsgi_sendfile>, 'PATH_INFO': u'/api/multicloud-ocata/v1/CloudOwner/regionOne/infra_workload/b4013d57-408e-4a7d-a322-65869c598408'}||||requestID=f7560baf-8dd7-3a84-a1a4-b3a66828a718 invocationID=265b6cde-dff1-4447-b310-8219d89c521b serviceName=multicloud-ocata serviceIP=localhost