From d71178e11b663869a28ed3057c28f1b3ff88f55c Mon Sep 17 00:00:00 2001 From: Michael Johnson Date: Wed, 29 Apr 2020 18:05:12 -0700 Subject: [PATCH] Fixes updating members with the wrong pool ID On queens, if you update a member using the wrong pool ID, the user will get the correct error response, but the load balancer will remain locked. This patch corrects that by putting the pool validation in the correct sequence. This is already fixed in Rocky and newer as part of the provider driver feature. Change-Id: Id88bd2363d4cb0213096997146d0a79454289978 Story: 2007609 Task: 39599 --- octavia/api/v2/controllers/member.py | 4 ++-- octavia/tests/functional/api/v2/test_member.py | 14 ++++++++++---- ...-update-member-wrong-pool-cccc42db7846d307.yaml | 4 ++++ 3 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 releasenotes/notes/fix-update-member-wrong-pool-cccc42db7846d307.yaml diff --git a/octavia/api/v2/controllers/member.py b/octavia/api/v2/controllers/member.py index 84f72101fa..99971557fe 100644 --- a/octavia/api/v2/controllers/member.py +++ b/octavia/api/v2/controllers/member.py @@ -231,14 +231,14 @@ class MemberController(base.BaseController): self._auth_validate_action(context, db_member.project_id, constants.RBAC_PUT) + self._validate_pool_id(id, db_member.pool_id) + self._test_lb_and_listener_and_pool_statuses(context.session, member=db_member) self.repositories.member.update( context.session, db_member.id, provisioning_status=constants.PENDING_UPDATE) - self._validate_pool_id(id, db_member.pool_id) - try: LOG.info("Sending Update of Member %s to handler", id) self.handler.update(db_member, member) diff --git a/octavia/tests/functional/api/v2/test_member.py b/octavia/tests/functional/api/v2/test_member.py index 708f77d2e6..f59783daf7 100644 --- a/octavia/tests/functional/api/v2/test_member.py +++ b/octavia/tests/functional/api/v2/test_member.py @@ -864,12 +864,18 @@ class TestMember(base.BaseAPITest): lb_id=self.lb_id, listener_id=self.listener_id, pool_id=self.pool_id, member_id=api_member.get('id')) - def test_bad_update(self): + def test_update_wrong_pool(self): api_member = self.create_member( self.pool_id, '10.0.0.1', 80).get(self.root_tag) - new_member = {'protocol_port': 'ten'} - self.put(self.member_path.format(member_id=api_member.get('id')), - self._build_body(new_member), status=400) + self.set_lb_status(self.lb_id) + new_member = {'monitor_port': '81'} + bad_member_path = ( + self.MEMBERS_PATH.format(pool_id=self.pool_with_listener_id) + + '/' + api_member.get('id')) + self.put(bad_member_path, self._build_body(new_member), status=404) + self.assert_correct_status( + lb_id=self.lb_id, listener_id=self.listener_id, + pool_id=self.pool_id, member_id=api_member.get('id')) def test_update_with_bad_handler(self): api_member = self.create_member( diff --git a/releasenotes/notes/fix-update-member-wrong-pool-cccc42db7846d307.yaml b/releasenotes/notes/fix-update-member-wrong-pool-cccc42db7846d307.yaml new file mode 100644 index 0000000000..37e17993d2 --- /dev/null +++ b/releasenotes/notes/fix-update-member-wrong-pool-cccc42db7846d307.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + Fixed updating members with the wrong pool ID locking the load balancer.