You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@slider.apache.org by "Gour Saha (JIRA)" <ji...@apache.org> on 2014/08/04 23:30:15 UTC

[jira] [Updated] (SLIDER-281) URL endpoint for registration and heartbeat accepts any string as label name

     [ https://issues.apache.org/jira/browse/SLIDER-281?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gour Saha updated SLIDER-281:
-----------------------------

    Description: 
The label portion in the URL path for registration and heartbeat accepts any string and does not need to be the correct container/label name.

It probably does not validate the string in the path and relies on the value provided in the JSON data. So either the label string should be eliminated from the path or validated to be correct.

Here are some sample endpoints -
https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/{color:red}junk{color}/register
https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/{color:red}junk{color}/heartbeat

Full requests/reponses provided here -

{noformat}
curl -i -k -X POST -H "Content-type: application/json" -d '{"timestamp": 1407177977626, "hostname": "container_1406931682142_0009_01_000003___HBASE_REGIONSERVER", "responseId": -1, "agentVersion": "1", "publicHostname": "c6408.ambari.apache.org"}' https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/junk/register
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Server: Jetty(6.1.26)

{"response":"OK","exitstatus":0,"responseStatus":"OK","responseId":0}
{noformat}

{noformat}
curl -i -k -X POST -H "Content-Type: application/json" -d '{"nodeStatus": {"status": "HEALTHY", "cause": "NONE"}, "timestamp": 1407177977626, "hostname": "container_1406931682142_0009_01_000003___HBASE_REGIONSERVER", "responseId": 28, "fqdn": "c6408.ambari.apache.org", "reports": []}' https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/junk/heartbeat
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Server: Jetty(6.1.26)

{"hasMappedComponents":false,"executionCommands":[],"statusCommands":[],"restartAgent":false,"responseId":29}
{noformat}



  was:
The label portion in the URL path for registration and heartbeat accepts any string and does not need to be the correct container/label name.

It probably does not validate the string in the path and relies on the value provided in the JSON data. So either the label string should be eliminated from the path or validated to be correct.

Here are some sample requests/reponses. 

{noformat}
curl -i -k -X POST -H "Content-type: application/json" -d '{"timestamp": 1407177977626, "hostname": "container_1406931682142_0009_01_000003___HBASE_REGIONSERVER", "responseId": -1, "agentVersion": "1", "publicHostname": "c6408.ambari.apache.org"}' https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/junk/register
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Server: Jetty(6.1.26)

{"response":"OK","exitstatus":0,"responseStatus":"OK","responseId":0}
{noformat}

{noformat}
curl -i -k -X POST -H "Content-Type: application/json" -d '{"nodeStatus": {"status": "HEALTHY", "cause": "NONE"}, "timestamp": 1407177977626, "hostname": "container_1406931682142_0009_01_000003___HBASE_REGIONSERVER", "responseId": 28, "fqdn": "c6408.ambari.apache.org", "reports": []}' https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/junk/heartbeat
HTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Server: Jetty(6.1.26)

{"hasMappedComponents":false,"executionCommands":[],"statusCommands":[],"restartAgent":false,"responseId":29}
{noformat}




> URL endpoint for registration and heartbeat accepts any string as label name
> ----------------------------------------------------------------------------
>
>                 Key: SLIDER-281
>                 URL: https://issues.apache.org/jira/browse/SLIDER-281
>             Project: Slider
>          Issue Type: Bug
>          Components: appmaster, Web & REST
>    Affects Versions: Slider 0.40
>            Reporter: Gour Saha
>
> The label portion in the URL path for registration and heartbeat accepts any string and does not need to be the correct container/label name.
> It probably does not validate the string in the path and relies on the value provided in the JSON data. So either the label string should be eliminated from the path or validated to be correct.
> Here are some sample endpoints -
> https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/{color:red}junk{color}/register
> https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/{color:red}junk{color}/heartbeat
> Full requests/reponses provided here -
> {noformat}
> curl -i -k -X POST -H "Content-type: application/json" -d '{"timestamp": 1407177977626, "hostname": "container_1406931682142_0009_01_000003___HBASE_REGIONSERVER", "responseId": -1, "agentVersion": "1", "publicHostname": "c6408.ambari.apache.org"}' https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/junk/register
> HTTP/1.1 200 OK
> Content-Type: application/json
> Transfer-Encoding: chunked
> Server: Jetty(6.1.26)
> {"response":"OK","exitstatus":0,"responseStatus":"OK","responseId":0}
> {noformat}
> {noformat}
> curl -i -k -X POST -H "Content-Type: application/json" -d '{"nodeStatus": {"status": "HEALTHY", "cause": "NONE"}, "timestamp": 1407177977626, "hostname": "container_1406931682142_0009_01_000003___HBASE_REGIONSERVER", "responseId": 28, "fqdn": "c6408.ambari.apache.org", "reports": []}' https://c6408.ambari.apache.org:38092/ws/v1/slider/agents/junk/heartbeat
> HTTP/1.1 200 OK
> Content-Type: application/json
> Transfer-Encoding: chunked
> Server: Jetty(6.1.26)
> {"hasMappedComponents":false,"executionCommands":[],"statusCommands":[],"restartAgent":false,"responseId":29}
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)