[Bug 1988942] Re: Failed to set image property. Invalid input for field/attribute simplestreams_metadata. Value: ... is too long (HTTP 400)

James Page 1988942 at bugs.launchpad.net
Mon Jul 8 13:00:21 UTC 2024 

This bug was fixed in the package cinder - 2:23.0.0-0ubuntu1.4~cloud0
---------------

 cinder (2:23.0.0-0ubuntu1.4~cloud0) jammy; urgency=medium
 .
   * SECURITY UPDATE for Ubuntu Cloud Archive. backport to jammy.
 .
 cinder (2:23.0.0-0ubuntu1.4) mantic-security; urgency=medium
 .
   * SECURITY UPDATE: Arbitrary file access via custom QCOW2 external data
     (LP: #2059809)
     - debian/patches/CVE-2024-32498.patch: check for external qcow2 data
       file.
     - debian/control: added qemu-utils to Build-Depends so qemu-img is
       available for new tests.
     - CVE-2024-32498
 .
 cinder (2:23.0.0-0ubuntu1.2) mantic; urgency=medium
 .
   [ Jorge Merlino ]
   * Increase size of volume image metadata values to 65535 bytes
     (LP: #1988942)
 .
   [ Heather Lemon ]
   * Start cinder-volume.service after tgt.service started (LP: #1987663)
     - d/cinder-volume.service.conf: drop-in with 'After=' and 'Wants='
       ('Wants=' is not generated by pkgos-gen-systemd-unit currently).
     - d/cinder-volume.install: ship the systemd service drop-in file.
 .
 cinder (2:23.0.0-0ubuntu1.1) mantic; urgency=medium
 .
   [ Corey Bryant ]
   * d/gbp.conf: Create stable/2023.2 branch.
   * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
     bobcat.
 .
   [ Edward Hope-Morley ]
   * revert driver assister volume retype (LP: #2019190)
     - d/p/0001-Revert-Driver-assisted-migration-on-retype-when-it-s.patch
 .
 cinder (2:23.0.0-0ubuntu1) mantic; urgency=medium
 .
   * New upstream release for OpenStack Bobcat.
 .
 cinder (2:23.0.0~rc1-0ubuntu1) mantic; urgency=medium
 .
   * New upstream release candidate for OpenStack Bobcat.
 .
 cinder (2:22.1.0+git2023090509.f79048d2-0ubuntu1) mantic; urgency=medium
 .
   * New upstream snapshot for OpenStack Bobcat.
   * d/p/install-missing-db-files.patch: Install missing db files, including
     cinder/db/alembic.ini.
 .
 cinder (2:22.1.0+git2023071214.c1a18fcd-0ubuntu1) mantic; urgency=medium
 .
   * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for
     bobcat.
   * New upstream snapshot for OpenStack Bobcat.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/skip-mock-spec-failures.patch: Dropped. No longer needed.
   * d/p/CVE-2023-2088-*.patch: Dropped. Fixed in snapshot.
 .
 cinder (2:22.0.0-0ubuntu4) mantic; urgency=medium
 .
   * SECURITY UPDATE: Unauthorized File Access (LP: #2021980)
     - debian/patches/CVE-2023-2088-1.patch: Reject unsafe delete
       attachment calls.
     - debian/patches/CVE-2023-2088-2.patch: Doc: Improve service token.
     - CVE-2023-2088
 .
 cinder (2:22.0.0-0ubuntu3) mantic; urgency=medium
 .
   * SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
     - debian/patches/series: Do not apply CVE-2023-2088.patch until
       patches are ready for all upstream OpenStack projects.
     - CVE-2023-2088
 .
 cinder (2:22.0.0-0ubuntu2) mantic; urgency=medium
 .
   * SECURITY UPDATE: Unauthorized File Access
     - debian/patches/CVE-2023-2088.patch: Reject unsafe delete
       attachment calls.
     - CVE-2023-2088
 .
 cinder (2:22.0.0-0ubuntu1) lunar; urgency=medium
 .
   * New upstream release for OpenStack Antelope.
   * d/p/skip-mock-spec-failures.patch: Rebased.
 .
 cinder (2:21.1.0+git2023030309.3ddce92b-0ubuntu1) lunar; urgency=medium
 .
   * d/control: Drop min version of python3-mypy to enable backport
     to cloud-archive.
   * d/watch: Drop major version.
   * New upstream snapshot for OpenStack Antelope.
   * d/p/skip-mock-spec-failures.patch: Rebased.
 .
 cinder (2:21.1.0+git2023022212.0af3df67-0ubuntu1) lunar; urgency=medium
 .
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
 .
 cinder (2:21.1.0+git2023012815.c9e65529-0ubuntu1) lunar; urgency=medium
 .
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
 .
 cinder (2:21.0.0+git2023011009.2db3fc3e-0ubuntu1) lunar; urgency=medium
 .
   * New upstream snapshot for OpenStack Antelope.
   * d/control: Align (Build-)Depends with upstream.
   * d/p/skip-mock-spec-failures.patch: Skip tests that are affected by
     "Cannot spec a Mock object" failure.
 .
 cinder (2:21.0.0-0ubuntu1) kinetic; urgency=medium
 .
   * d/watch: Scope to 21.x.
   * New upstream release for OpenStack Zed.


** Changed in: cloud-archive/bobcat
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to cinder in Ubuntu.
https://bugs.launchpad.net/bugs/1988942

Title:
  Failed to set image property. Invalid input for field/attribute
  simplestreams_metadata. Value: ... is too long (HTTP 400)

Status in Cinder:
  Fix Released
Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive antelope series:
  Triaged
Status in Ubuntu Cloud Archive bobcat series:
  Fix Released
Status in Ubuntu Cloud Archive caracal series:
  Fix Released
Status in Ubuntu Cloud Archive yoga series:
  Fix Released
Status in Ubuntu Cloud Archive zed series:
  Won't Fix
Status in cinder package in Ubuntu:
  Fix Released
Status in cinder source package in Jammy:
  Fix Released
Status in cinder source package in Mantic:
  Fix Released
Status in cinder source package in Noble:
  Fix Released

Bug description:
  [Impact]

  Cinder does not allow setting volume metadata properties with values longer that 255 characters. Glance does allow values of up to 65536 bytes and a volume created from an image with metadata larger than 255 characters will keep that longer value in Cinder (the Cinder database field is long enough to hold it). The problem is that Cinder would not let a longer value to be set after the volume has been created.
  This is inconsistent and generates issues in backup services that expect to be able to set metadata values to the same value the volume had before.

  
  [Test Plan]

  Create a volume:

  openstack volume create test_vol --size 1

  Try to set a property with a long value:

  openstack volume set test_vol --image-property
  longprop=12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890

  This should return an error like:

  Invalid input for field/attribute longprop. Value: 123456789012345...'
  is too long (HTTP 400) (Request-ID:
  req-69875caf-16e1-4afb-91c0-3e50ff694c07)

  Update cinder to this SRU version and run the volume set command
  again. It should work and return nothing.

  
  [Where problems could occur]

  The patch just changes the validation for the metadata length. It
  includes several tests of border cases. Worst case could be that it
  would not allow setting a metadata value that was allowed before but
  as the check has been changed to increase the value size that is
  unlikely.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1988942/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list