Add token validation to curvature.

[robertstarmer]

I know we've seen something like this before:

<title>Action Controller: Exception caught</title> <style> body { background-color: #fff; color: #333; }

body, p, ol, ul, td {
  font-family: helvetica, verdana, arial, sans-serif;
  font-size:   13px;
  line-height: 18px;
}

pre {
  background-color: #eee;
  padding: 10px;
  font-size: 11px;
  white-space: pre-wrap;
}

a { color: #000; }
a:visited { color: #666; }
a:hover { color: #fff; background-color:#000; }

</style>

ActiveRecord::RecordNotFound in DeployedContainersController#index

Couldn't find Storage without an ID

Rails.root: /opt/donabe

Application Trace | Framework Trace | Full Trace

<div id="Application-Trace" style="display: block;">
  <pre><code>app/controllers/deployed_containers_controller.rb:33:in `rescue in index&#x27;

app/controllers/deployed_containers_controller.rb:23:in index&#x27;</code></pre> </div> <div id="Framework-Trace" style="display: none;"> <pre><code>activerecord (3.2.8) lib/active_record/relation/finder_methods.rb:310:in find_with_ids'
activerecord (3.2.8) lib/active_record/relation/finder_methods.rb:107:in find' activerecord (3.2.8) lib/active_record/querying.rb:5:in find'
actionpack (3.2.8) lib/action_controller/metal/implicit_render.rb:4:in send_action' actionpack (3.2.8) lib/abstract_controller/base.rb:167:in process_action'
actionpack (3.2.8) lib/action_controller/metal/rendering.rb:10:in process_action' actionpack (3.2.8) lib/abstract_controller/callbacks.rb:18:in block in process_action'
activesupport (3.2.8) lib/active_support/callbacks.rb:403:in _run__671858439435266604__process_action__1395755320764098276__callbacks' activesupport (3.2.8) lib/active_support/callbacks.rb:405:in __run_callback'
activesupport (3.2.8) lib/active_support/callbacks.rb:385:in _run_process_action_callbacks' activesupport (3.2.8) lib/active_support/callbacks.rb:81:in run_callbacks'
actionpack (3.2.8) lib/abstract_controller/callbacks.rb:17:in process_action' actionpack (3.2.8) lib/action_controller/metal/rescue.rb:29:in process_action'
actionpack (3.2.8) lib/action_controller/metal/instrumentation.rb:30:in block in process_action' activesupport (3.2.8) lib/active_support/notifications.rb:123:in block in instrument'
activesupport (3.2.8) lib/active_support/notifications/instrumenter.rb:20:in instrument' activesupport (3.2.8) lib/active_support/notifications.rb:123:in instrument'
actionpack (3.2.8) lib/action_controller/metal/instrumentation.rb:29:in process_action' actionpack (3.2.8) lib/action_controller/metal/params_wrapper.rb:207:in process_action'
activerecord (3.2.8) lib/active_record/railties/controller_runtime.rb:18:in process_action' actionpack (3.2.8) lib/abstract_controller/base.rb:121:in process'
actionpack (3.2.8) lib/abstract_controller/rendering.rb:45:in process' actionpack (3.2.8) lib/action_controller/metal.rb:203:in dispatch'
actionpack (3.2.8) lib/action_controller/metal/rack_delegation.rb:14:in dispatch' actionpack (3.2.8) lib/action_controller/metal.rb:246:in block in action'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:73:in call' actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:73:in dispatch'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:36:in call' journey (1.0.4) lib/journey/router.rb:68:in block in call'
journey (1.0.4) lib/journey/router.rb:56:in each' journey (1.0.4) lib/journey/router.rb:56:in call'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:600:in call' actionpack (3.2.8) lib/action_dispatch/middleware/best_standards_support.rb:17:in call'
rack (1.4.5) lib/rack/etag.rb:23:in call' rack (1.4.5) lib/rack/conditionalget.rb:25:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/head.rb:14:in call' actionpack (3.2.8) lib/action_dispatch/middleware/params_parser.rb:21:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/flash.rb:242:in call' rack (1.4.5) lib/rack/session/abstract/id.rb:210:in context'
rack (1.4.5) lib/rack/session/abstract/id.rb:205:in call' actionpack (3.2.8) lib/action_dispatch/middleware/cookies.rb:339:in call'
activerecord (3.2.8) lib/active_record/query_cache.rb:64:in call' activerecord (3.2.8) lib/active_record/connection_adapters/abstract/connection_pool.rb:473:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/callbacks.rb:28:in block in call' activesupport (3.2.8) lib/active_support/callbacks.rb:405:in _run__2939623873060620647__call__1731706718715207871__callbacks'
activesupport (3.2.8) lib/active_support/callbacks.rb:405:in __run_callback' activesupport (3.2.8) lib/active_support/callbacks.rb:385:in _run_call_callbacks'
activesupport (3.2.8) lib/active_support/callbacks.rb:81:in run_callbacks' actionpack (3.2.8) lib/action_dispatch/middleware/callbacks.rb:27:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/reloader.rb:65:in call' actionpack (3.2.8) lib/action_dispatch/middleware/remote_ip.rb:31:in call'
better_errors (1.0.1) lib/better_errors/middleware.rb:58:in call' actionpack (3.2.8) lib/action_dispatch/middleware/debug_exceptions.rb:16:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/show_exceptions.rb:56:in call' railties (3.2.8) lib/rails/rack/logger.rb:26:in call_app'
railties (3.2.8) lib/rails/rack/logger.rb:16:in call' actionpack (3.2.8) lib/action_dispatch/middleware/request_id.rb:22:in call'
rack (1.4.5) lib/rack/methodoverride.rb:21:in call' rack (1.4.5) lib/rack/runtime.rb:17:in call'
activesupport (3.2.8) lib/active_support/cache/strategy/local_cache.rb:72:in call' rack (1.4.5) lib/rack/lock.rb:15:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/static.rb:62:in call' railties (3.2.8) lib/rails/engine.rb:479:in call'
railties (3.2.8) lib/rails/application.rb:223:in call' rack (1.4.5) lib/rack/content_length.rb:14:in call'
railties (3.2.8) lib/rails/rack/log_tailer.rb:17:in call' rack (1.4.5) lib/rack/handler/webrick.rb:59:in service'
/usr/lib/ruby/1.9.1/webrick/httpserver.rb:138:in service' /usr/lib/ruby/1.9.1/webrick/httpserver.rb:94:in run'
/usr/lib/ruby/1.9.1/webrick/server.rb:191:in block in start_thread&#x27;</code></pre> </div> <div id="Full-Trace" style="display: none;"> <pre><code>activerecord (3.2.8) lib/active_record/relation/finder_methods.rb:310:in find_with_ids'
activerecord (3.2.8) lib/active_record/relation/finder_methods.rb:107:in find' activerecord (3.2.8) lib/active_record/querying.rb:5:in find'
app/controllers/deployed_containers_controller.rb:33:in rescue in index' app/controllers/deployed_containers_controller.rb:23:in index'
actionpack (3.2.8) lib/action_controller/metal/implicit_render.rb:4:in send_action' actionpack (3.2.8) lib/abstract_controller/base.rb:167:in process_action'
actionpack (3.2.8) lib/action_controller/metal/rendering.rb:10:in process_action' actionpack (3.2.8) lib/abstract_controller/callbacks.rb:18:in block in process_action'
activesupport (3.2.8) lib/active_support/callbacks.rb:403:in _run__671858439435266604__process_action__1395755320764098276__callbacks' activesupport (3.2.8) lib/active_support/callbacks.rb:405:in __run_callback'
activesupport (3.2.8) lib/active_support/callbacks.rb:385:in _run_process_action_callbacks' activesupport (3.2.8) lib/active_support/callbacks.rb:81:in run_callbacks'
actionpack (3.2.8) lib/abstract_controller/callbacks.rb:17:in process_action' actionpack (3.2.8) lib/action_controller/metal/rescue.rb:29:in process_action'
actionpack (3.2.8) lib/action_controller/metal/instrumentation.rb:30:in block in process_action' activesupport (3.2.8) lib/active_support/notifications.rb:123:in block in instrument'
activesupport (3.2.8) lib/active_support/notifications/instrumenter.rb:20:in instrument' activesupport (3.2.8) lib/active_support/notifications.rb:123:in instrument'
actionpack (3.2.8) lib/action_controller/metal/instrumentation.rb:29:in process_action' actionpack (3.2.8) lib/action_controller/metal/params_wrapper.rb:207:in process_action'
activerecord (3.2.8) lib/active_record/railties/controller_runtime.rb:18:in process_action' actionpack (3.2.8) lib/abstract_controller/base.rb:121:in process'
actionpack (3.2.8) lib/abstract_controller/rendering.rb:45:in process' actionpack (3.2.8) lib/action_controller/metal.rb:203:in dispatch'
actionpack (3.2.8) lib/action_controller/metal/rack_delegation.rb:14:in dispatch' actionpack (3.2.8) lib/action_controller/metal.rb:246:in block in action'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:73:in call' actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:73:in dispatch'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:36:in call' journey (1.0.4) lib/journey/router.rb:68:in block in call'
journey (1.0.4) lib/journey/router.rb:56:in each' journey (1.0.4) lib/journey/router.rb:56:in call'
actionpack (3.2.8) lib/action_dispatch/routing/route_set.rb:600:in call' actionpack (3.2.8) lib/action_dispatch/middleware/best_standards_support.rb:17:in call'
rack (1.4.5) lib/rack/etag.rb:23:in call' rack (1.4.5) lib/rack/conditionalget.rb:25:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/head.rb:14:in call' actionpack (3.2.8) lib/action_dispatch/middleware/params_parser.rb:21:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/flash.rb:242:in call' rack (1.4.5) lib/rack/session/abstract/id.rb:210:in context'
rack (1.4.5) lib/rack/session/abstract/id.rb:205:in call' actionpack (3.2.8) lib/action_dispatch/middleware/cookies.rb:339:in call'
activerecord (3.2.8) lib/active_record/query_cache.rb:64:in call' activerecord (3.2.8) lib/active_record/connection_adapters/abstract/connection_pool.rb:473:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/callbacks.rb:28:in block in call' activesupport (3.2.8) lib/active_support/callbacks.rb:405:in _run__2939623873060620647__call__1731706718715207871__callbacks'
activesupport (3.2.8) lib/active_support/callbacks.rb:405:in __run_callback' activesupport (3.2.8) lib/active_support/callbacks.rb:385:in _run_call_callbacks'
activesupport (3.2.8) lib/active_support/callbacks.rb:81:in run_callbacks' actionpack (3.2.8) lib/action_dispatch/middleware/callbacks.rb:27:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/reloader.rb:65:in call' actionpack (3.2.8) lib/action_dispatch/middleware/remote_ip.rb:31:in call'
better_errors (1.0.1) lib/better_errors/middleware.rb:58:in call' actionpack (3.2.8) lib/action_dispatch/middleware/debug_exceptions.rb:16:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/show_exceptions.rb:56:in call' railties (3.2.8) lib/rails/rack/logger.rb:26:in call_app'
railties (3.2.8) lib/rails/rack/logger.rb:16:in call' actionpack (3.2.8) lib/action_dispatch/middleware/request_id.rb:22:in call'
rack (1.4.5) lib/rack/methodoverride.rb:21:in call' rack (1.4.5) lib/rack/runtime.rb:17:in call'
activesupport (3.2.8) lib/active_support/cache/strategy/local_cache.rb:72:in call' rack (1.4.5) lib/rack/lock.rb:15:in call'
actionpack (3.2.8) lib/action_dispatch/middleware/static.rb:62:in call' railties (3.2.8) lib/rails/engine.rb:479:in call'
railties (3.2.8) lib/rails/application.rb:223:in call' rack (1.4.5) lib/rack/content_length.rb:14:in call'
railties (3.2.8) lib/rails/rack/log_tailer.rb:17:in call' rack (1.4.5) lib/rack/handler/webrick.rb:59:in service'
/usr/lib/ruby/1.9.1/webrick/httpserver.rb:138:in service' /usr/lib/ruby/1.9.1/webrick/httpserver.rb:94:in run'
/usr/lib/ruby/1.9.1/webrick/server.rb:191:in `block in start_thread'

Request

Parameters:

{"tenant_id"=>"3241cdb288924765be00e36c8a0840ee",
 "format"=>"json",
 "deployed_container"=>{}}

Show session dump

Show env dump

GATEWAY_INTERFACE: "CGI/1.1"
HTTP_ACCEPT: "*/*"
REMOTE_ADDR: "172.29.75.198"
REMOTE_HOST: "alpha-control01.ctocllab.cisco.com"
SERVER_NAME: "alpha-os.cisco.com"
SERVER_PROTOCOL: "HTTP/1.1"

Response

Headers:

None

[johndavidge]

What is happening when you see this error? It looks like Curvature is sending Donabe a request for a Deployed Container without supplying an ID. Try re-initializing the Curvature DB with:

rake db:drop
rake db:create
rake db:migrate

If that doesn't work try it for Donabe as well.

[robertstarmer]

Had to really wipe out cookies for the instance to get it to recover. (after resetting the db for both apps, and restarting both services).

R

On Oct 17, 2013, at 10:33 AM, johndavidge <[email protected]mailto:[email protected]>
wrote:

rake db:drop
rake db:create
rake db:migrate

[johndavidge]

Further investigation lead me to discover that if Curvature sends Donabe a request for the list of Deployed Containers but didn't send a valid X-Auth-Token in the message header Donabe would attempt to fall back onto a deprecated cookie-based authentication system. This has now been removed and replaced with an HTTP 401 response. This does not however explain why Curvature is sending bad tokens in the first place.

[robertstarmer]

Bad tokens may be delivered from expired sessions, as from a browser that recovers after having been asleep for a period of time.

R

Sent from a device

On Oct 18, 2013, at 9:06 AM, "johndavidge" <[email protected]mailto:[email protected]> wrote:

Further investigation lead me to discovered that if Curvature sends Donabe a request for the list of Deployed Containers but didn't send a valid X-Auth-Token in the message header Donabe would attempt to fall back onto a deprecated cookie-based authentication system. This has now been removed and replaced with an HTTP 401 response. This does not however explain why Curvature is sending bad tokens in the first place.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/3#issuecomment-26598122.