-
Notifications
You must be signed in to change notification settings - Fork 355
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Async Service Brokers can return unrestricted operation
data in response body
#695
Comments
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/131993979 The labels on this github issue will be updated when the story is started. |
@avade It would be interesting to double check the handling of other service broker returned data is enforcing a specific size besides the DB schema enforcement:
Large db content injections may also come from the user provided content through the CLI, such as the service tags. However in this specific example, the CC seems to properly control this size: 666eda0 |
Hi @avade, We think it's reasonable to apply a validation on a broker provided operation field. We're hesitant to limit this field too much in case it would break an existing service broker. We think the next course of action is to poll the CF-dev community and ask whether there are any objections to setting a limit of [to be decided with input from @SocalNick. 10KB?]. @michaelxupiv & @utako, CF CAPI Team |
Sounds like a good next step. @SocalNick - do you want to poll the community? On Tue, Nov 1, 2016 at 10:57 PM, Michael Xu notifications@github.com
|
This is a very new feature. I'm not sure that polling the community is necessary, shouldn't we just fix it? |
@SocalNick: My concern is that there are already brokers that return operations bigger than 10KB, but I'm fine with this as a new feature if you feel like that's unnecessary. |
I'd like to fix this bug by reducing the size of |
[GH #695] [Finishes #131993979] Signed-off-by: Eric Promislow <eric.promislow@hpe.com>
This feels like it's bad because we have a service, but we've lost the provision response. This seems like an undesirable state. Would it be better to truncate the response?
|
I investigated and the current implementation (raising an exception if > 10k characters) results in the following:
It's interesting to note that we could get in this same state if the database deadlocked while persisting the service instance operation. I'm not convinced that truncation is the correct strategy here. This field is meant to allow brokers to persist data in the CC, so that they don't have to maintain their own data store. Broker authors will likely serialize their data into this field, and truncating serialized JSON etc will definitely break brokers. This could cause service instances to get stuck in "In Progress" state while their brokers throw 4XX/5XXs due to the garbled data coming from CC (until the operation times out 1 week later). If we want to keep something like the current implementation (fail fast), maybe the validation should live in response parser instead of the model, so it is more in line with the other broker response validations. What do you think @avade? |
I will defer this question to @jamesjoshuahill, way on the engineering side 👍 |
[GH #695] [#131993979] Signed-off-by: Greg Cobb <gcobb@pivotal.io> Signed-off-by: Zach Robinson <zrobinson@pivotal.io>
Hi! 10k characters feels like a lot. For example, a typical on-demand service broker response would be: I agree with @Gerg that truncation would be unhelpful. I suggest rejecting a response with operation data that exceeds the limit. |
I think 255 is too small, given we don't know how large other brokers response is. @SocalNick are you suggesting 10k characters or 10kb? 10kb would be 2560 characters if all chars were 4 bytes. |
Issue
In the Service Broker API there only a database size restriction on the new "operation" string returned on the body of the provisioning and update. This could cause issues with the CC DB filling up if the service broker returns large amounts of data.
Context
Looking at the PR, I quickly searched for size restriction on the operation field, and could only see potential limitation on the cc_db. The schema migration seems to declare the field as a TEXT column (from Sequel datatype). On mysql, the TEXT seems a variable length datatype according to 1 and 2. On postgresql, it is also a variable unlimited length.
Steps to Reproduce
operation
field with a 10mb payload.Expected result
CC DB could run out of storage.
Current result
Possible Fix
Limit the payload size for the response body to ~10kb?
name of issue
screenshot?
The text was updated successfully, but these errors were encountered: