Possible collision on FQDN of bucket #122

Open
opened 2024-10-21 17:32:48 +00:00 by amitropolskiy · 1 comment

With the implementation of GUBN and VHS and the ability to specify names with dots, there is a possibility of collision between the full domain names of buckets if we manipulate names so that in one case part of the domain name goes into the bucket name and in the other into the protocol domain name. See the Steps to Reproduce (example) section for an exact example of what is anticipated.

Expected Behavior

On container creation, if the FQDN is already present for any other container, return an error.

Current Behavior

Probably will create a container and a collision for its name, probable shadowing.

Possible Solution

Probably store the FQDN (Fully Qualified Domain Name) for the containers under GUBN (?) to perform quick check for collisions.

Steps to Reproduce (example)

Let's assume we have GUBN with GlobalCNAMEZone = "bobr" and are creating new namespaces with VHS; let the domain be domain.tld.

  1. First namespace - kapusta
    let's create it as is, so we have the following protocol domains:

*.web.s3.kapusta.domain.tld;
*.s3.kapusta.domain.tld;
iam.kapusta.domain.tld;

Next step - we create a bucket named cats, so cats is addressed by:

cats.web.s3.kapusta.domain.tld;
cats.s3.kapusta.domain.tld;
cats.bobr

  2. Second namespace - yabloko and let's redefine default protocol domains:
    web.s3.yabloko.domain.tld -> s3.kapusta.domain.tld
    s3.yabloko.domain.tld -> s3-kapusta.domain.tld
    iam.yabloko.domain.tld -> iam-kapusta.domain.tld

so we now have the following ones:
*.s3.kapusta.domain.tld;
*.s3-kapusta.domain.tld;
iam-kapusta.domain.tld;

and a bucket named cats.web:
cats.web.s3.kapusta.domain.tld;
cats.web.s3-kapusta.domain.tld;
cats.web.bobr

As a result, cats.web.s3.kapusta.domain.tld is both cats.web in the yabloko namespace and cats in the kapusta namespace.

Context

Regression

Your Environment

  • Version used:
  • Server setup and configuration:
  • Operating System and version (uname -a):
amitropolskiy added the
bug
label 2024-10-21 17:32:48 +00:00
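
The check proposed under Possible Solution, run against the namespaces and buckets from Steps to Reproduce. This is an added example, not code from the issue or from frostfs-contract; the `Registry` type and its methods are hypothetical, and the zone lists are the protocol domains from the issue plus the GlobalCNAMEZone.

```go
package main

import (
	"fmt"
	"strings"
)

// Registry maps every FQDN a bucket answers on to its owner ("namespace/bucket").
// Hypothetical type for illustration; not part of frostfs-contract.
type Registry struct {
	owners map[string]string
}

func NewRegistry() *Registry { return &Registry{owners: map[string]string{}} }

// fqdns expands a bucket name against each zone it is served under.
// Names are lower-cased because DNS comparison is case-insensitive.
func fqdns(bucket string, zones []string) []string {
	out := make([]string, 0, len(zones))
	for _, z := range zones {
		out = append(out, strings.ToLower(bucket+"."+strings.TrimSuffix(z, ".")))
	}
	return out
}

// Create registers the bucket only if none of its FQDNs is already owned.
// Every name is checked before any is stored, so a rejected create
// leaves no partial state behind.
func (r *Registry) Create(ns, bucket string, zones []string) error {
	names := fqdns(bucket, zones)
	for _, n := range names {
		if owner, ok := r.owners[n]; ok {
			return fmt.Errorf("FQDN %s already belongs to %s", n, owner)
		}
	}
	for _, n := range names {
		r.owners[n] = ns + "/" + bucket
	}
	return nil
}

func main() {
	r := NewRegistry()
	// Zones taken from the issue's example (assumed to include "bobr" for both).
	kapusta := []string{"web.s3.kapusta.domain.tld", "s3.kapusta.domain.tld", "bobr"}
	yabloko := []string{"s3.kapusta.domain.tld", "s3-kapusta.domain.tld", "bobr"}
	fmt.Println(r.Create("kapusta", "cats", kapusta))     // accepted
	fmt.Println(r.Create("yabloko", "cats.web", yabloko)) // rejected: shared FQDN
}
```

Comparing the expanded FQDNs rather than the bucket names is what catches this case: `cats` and `cats.web` differ as names but resolve to the same host once the zone is appended.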
Author

@realloc validate, please

Reference: TrueCloudLab/frostfs-contract#122