Possible collision on FQDN of bucket #122

Open
opened 2024-10-21 17:32:48 +00:00 by amitropolskiy · 1 comment

With the implementation of GUBN and VHS and the ability to specify names with dots there is a possibility for collision of full domain names of buckets, if we manipulate names so in one case part of the domain name goes into bucket name and in other - to the protocol domain name. See the Steps to Reproduce (example) section for an exact example what is anticipated.

Expected Behavior

On container creation if FQDN already present for any other container - return error.

Current Behavior

Probably will create a container and a collision for it's name, probable shadowing.

Possible Solution

Probably store the FQDN (Fully Qualified Domain Name) for the containers under GUBN (?) to perform quick check for collisions.

Steps to Reproduce (example)

Let's assume we have GUBN with GlobalCNAMEZone = "bobr" and creating new namespaces with vhs, let the domain be - domain.tld.

  1. First namespace - kapusta
    let's create it as is, so we have next protocol domains:

*.web.s3.kapusta.domain.tld;
*.s3.kapusta.domain.tld;
iam.kapusta.domain.tld;

Next step - we creating bucket with name cats, so cats is addressed by:

cats.web.s3.kapusta.domain.tld;
cats.s3.kapusta.domain.tld;
cats.bobr

  1. Second namespace - yabloko and let's redefine default protocol domains:
    web.s3.yabloko.domain.tld -> s3.kapusta.domain.tld
    s3.yabloko.domain.tld -> s3-kapusta.domain.tld
    iam.yabloko.domain.tld -> iam-kapusta.domain.tld

so we have now following ones:
*.s3.kapusta.domain.tld;
*.s3-kapusta.domain.tld;
iam-kapusta.domain.tld;

and a buckut named cats.web:
cats.web.s3.kapusta.domain.tld;
cats.web.s3-kapusta.domain.tld;
cats.web.bobr

As a resultcats.web.s3.kapusta.domain.tld; is both cats.web in yabloko namespace, and cats in namespace kapusta.

Context

Regression

Your Environment

  • Version used:
  • Server setup and configuration:
  • Operating System and version (uname -a):
With the implementation of GUBN and VHS and the ability to specify names with dots there is a possibility for collision of full domain names of buckets, if we manipulate names so in one case part of the domain name goes into bucket name and in other - to the protocol domain name. See the `Steps to Reproduce (example)` section for an exact example what is anticipated. ## Expected Behavior On container creation if FQDN already present for any other container - return error. ## Current Behavior Probably will create a container and a collision for it's name, probable shadowing. ## Possible Solution Probably store the FQDN (Fully Qualified Domain Name) for the containers under GUBN (?) to perform quick check for collisions. ## Steps to Reproduce (example) Let's assume we have GUBN with `GlobalCNAMEZone = "bobr"` and creating new namespaces with vhs, let the domain be - `domain.tld`. 1. First namespace - kapusta let's create it as is, so we have next protocol domains: `*.web.s3.kapusta.domain.tld;` `*.s3.kapusta.domain.tld;` `iam.kapusta.domain.tld;` Next step - we creating bucket with name `cats`, so `cats` is addressed by: `cats.web.s3.kapusta.domain.tld;` `cats.s3.kapusta.domain.tld;` `cats.bobr` 2. Second namespace - yabloko and let's redefine default protocol domains: `web.s3.yabloko.domain.tld -> s3.kapusta.domain.tld` `s3.yabloko.domain.tld -> s3-kapusta.domain.tld` `iam.yabloko.domain.tld -> iam-kapusta.domain.tld` so we have now following ones: `*.s3.kapusta.domain.tld;` `*.s3-kapusta.domain.tld;` `iam-kapusta.domain.tld;` and a buckut named `cats.web`: `cats.web.s3.kapusta.domain.tld;` `cats.web.s3-kapusta.domain.tld;` `cats.web.bobr` As a result`cats.web.s3.kapusta.domain.tld;` is both `cats.web` in yabloko namespace, and `cats` in namespace `kapusta`. ## Context <!--- How has this issue affected you? What are you trying to accomplish? --> <!--- Providing context helps us come up with a solution that is most useful in the real world --> ## Regression <!-- Is this issue a regression? (Yes / No) --> <!-- If Yes, optionally please include version or commit id or PR# that caused this regression, if you have these details. --> ## Your Environment <!--- Include as many relevant details about the environment you experienced the bug in --> * Version used: * Server setup and configuration: * Operating System and version (`uname -a`):
amitropolskiy added the
bug
label 2024-10-21 17:32:48 +00:00
Author

@realloc validate, please

@realloc validate, please
achuprov was assigned by fyrchik 2024-12-04 06:52:31 +00:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-contract#122
No description provided.