Fix some index-references and warn about remaining (#55727)

The ACI MultiSite PATCH API has a deficiency requiring some objects to be referenced by index.
This can cause silent corruption on concurrent access when changing/removing on object as
the wrong object may be referenced.

This PR removes some references by index, and documents this issue for
others.
This commit is contained in:
Dag Wieers 2019-05-07 15:00:04 +02:00 committed by GitHub
parent 2007a79952
commit beca3661a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 39 additions and 12 deletions

View file

@ -166,8 +166,7 @@ def main():
if anp is not None and anp_ref in anps: if anp is not None and anp_ref in anps:
anp_idx = anps.index(anp_ref) anp_idx = anps.index(anp_ref)
# FIXME: Changes based on index are DANGEROUS anp_path = '/sites/{0}/anps/{1}'.format(site_template, anp)
anp_path = '/sites/{0}/anps/{1}'.format(site_template, anp_idx)
mso.existing = schema_obj['sites'][site_idx]['anps'][anp_idx] mso.existing = schema_obj['sites'][site_idx]['anps'][anp_idx]
if state == 'query': if state == 'query':

View file

@ -181,8 +181,7 @@ def main():
epgs = [e['epgRef'] for e in schema_obj['sites'][site_idx]['anps'][anp_idx]['epgs']] epgs = [e['epgRef'] for e in schema_obj['sites'][site_idx]['anps'][anp_idx]['epgs']]
if epg is not None and epg_ref in epgs: if epg is not None and epg_ref in epgs:
epg_idx = epgs.index(epg_ref) epg_idx = epgs.index(epg_ref)
# FIXME: Changes based on index are DANGEROUS epg_path = '/sites/{0}/anps/{1}/epgs/{2}'.format(site_template, anp, epg)
epg_path = '/sites/{0}/anps/{1}/epgs/{2}'.format(site_template, anp_idx, epg_idx)
mso.existing = schema_obj['sites'][site_idx]['anps'][anp_idx]['epgs'][epg_idx] mso.existing = schema_obj['sites'][site_idx]['anps'][anp_idx]['epgs'][epg_idx]
if state == 'query': if state == 'query':
@ -192,7 +191,7 @@ def main():
mso.fail_json(msg="EPG '{epg}' not found".format(epg=epg)) mso.fail_json(msg="EPG '{epg}' not found".format(epg=epg))
mso.exit_json() mso.exit_json()
epgs_path = '/sites/{0}/anps/{1}/epgs'.format(site_template, anp_idx) epgs_path = '/sites/{0}/anps/{1}/epgs'.format(site_template, anp)
ops = [] ops = []
mso.previous = mso.existing mso.previous = mso.existing

View file

@ -64,6 +64,10 @@ options:
type: str type: str
choices: [ absent, present, query ] choices: [ absent, present, query ]
default: present default: present
notes:
- The ACI MultiSite PATCH API has a deficiency requiring some objects to be referenced by index.
This can cause silent corruption on concurrent access when changing/removing on object as
the wrong object may be referenced. This module is affected by this deficiency.
seealso: seealso:
- module: mso_schema_site_anp_epg - module: mso_schema_site_anp_epg
- module: mso_schema_template_anp_epg - module: mso_schema_template_anp_epg
@ -223,7 +227,7 @@ def main():
mso.fail_json(msg="Static leaf '{leaf}/{vlan}' not found".format(leaf=leaf, vlan=vlan)) mso.fail_json(msg="Static leaf '{leaf}/{vlan}' not found".format(leaf=leaf, vlan=vlan))
mso.exit_json() mso.exit_json()
leafs_path = '/sites/{0}/anps/{1}/epgs/{2}/staticLeafs'.format(site_template, anp_idx, epg_idx) leafs_path = '/sites/{0}/anps/{1}/epgs/{2}/staticLeafs'.format(site_template, anp, epg)
ops = [] ops = []
mso.previous = mso.existing mso.previous = mso.existing

View file

@ -88,6 +88,10 @@ options:
type: str type: str
choices: [ absent, present, query ] choices: [ absent, present, query ]
default: present default: present
notes:
- The ACI MultiSite PATCH API has a deficiency requiring some objects to be referenced by index.
This can cause silent corruption on concurrent access when changing/removing on object as
the wrong object may be referenced. This module is affected by this deficiency.
seealso: seealso:
- module: mso_schema_site_anp_epg - module: mso_schema_site_anp_epg
- module: mso_schema_template_anp_epg - module: mso_schema_template_anp_epg
@ -266,7 +270,7 @@ def main():
mso.fail_json(msg="Static port '{portpath}' not found".format(portpath=portpath)) mso.fail_json(msg="Static port '{portpath}' not found".format(portpath=portpath))
mso.exit_json() mso.exit_json()
ports_path = '/sites/{0}/anps/{1}/epgs/{2}/staticPorts'.format(site_template, anp_idx, epg_idx) ports_path = '/sites/{0}/anps/{1}/epgs/{2}/staticPorts'.format(site_template, anp, epg)
ops = [] ops = []
mso.previous = mso.existing mso.previous = mso.existing

View file

@ -74,6 +74,10 @@ options:
type: str type: str
choices: [ absent, present, query ] choices: [ absent, present, query ]
default: present default: present
notes:
- The ACI MultiSite PATCH API has a deficiency requiring some objects to be referenced by index.
This can cause silent corruption on concurrent access when changing/removing on object as
the wrong object may be referenced. This module is affected by this deficiency.
seealso: seealso:
- module: mso_schema_site_anp_epg - module: mso_schema_site_anp_epg
- module: mso_schema_template_anp_epg_subnet - module: mso_schema_template_anp_epg_subnet
@ -230,7 +234,7 @@ def main():
mso.fail_json(msg="Subnet '{subnet}' not found".format(subnet=subnet)) mso.fail_json(msg="Subnet '{subnet}' not found".format(subnet=subnet))
mso.exit_json() mso.exit_json()
subnets_path = '/sites/{0}/anps/{1}/epgs/{2}/subnets'.format(site_template, anp_idx, epg_idx) subnets_path = '/sites/{0}/anps/{1}/epgs/{2}/subnets'.format(site_template, anp, epg)
ops = [] ops = []
mso.previous = mso.existing mso.previous = mso.existing

View file

@ -52,6 +52,10 @@ options:
type: str type: str
choices: [ absent, present, query ] choices: [ absent, present, query ]
default: present default: present
notes:
- The ACI MultiSite PATCH API has a deficiency requiring some objects to be referenced by index.
This can cause silent corruption on concurrent access when changing/removing on object as
the wrong object may be referenced. This module is affected by this deficiency.
seealso: seealso:
- module: mso_schema_site_bd - module: mso_schema_site_bd
- module: mso_schema_template_bd - module: mso_schema_template_bd
@ -181,6 +185,7 @@ def main():
l3outs = schema_obj['sites'][site_idx]['bds'][bd_idx]['l3Outs'] l3outs = schema_obj['sites'][site_idx]['bds'][bd_idx]['l3Outs']
if l3out is not None and l3out in l3outs: if l3out is not None and l3out in l3outs:
l3out_idx = l3outs.index(l3out) l3out_idx = l3outs.index(l3out)
# FIXME: Changes based on index are DANGEROUS
l3out_path = '/sites/{0}/bds/{1}/l3Outs/{2}'.format(site_template, bd, l3out_idx) l3out_path = '/sites/{0}/bds/{1}/l3Outs/{2}'.format(site_template, bd, l3out_idx)
mso.existing = schema_obj['sites'][site_idx]['bds'][bd_idx]['l3Outs'][l3out_idx] mso.existing = schema_obj['sites'][site_idx]['bds'][bd_idx]['l3Outs'][l3out_idx]

View file

@ -71,6 +71,10 @@ options:
type: str type: str
choices: [ absent, present, query ] choices: [ absent, present, query ]
default: present default: present
notes:
- The ACI MultiSite PATCH API has a deficiency requiring some objects to be referenced by index.
This can cause silent corruption on concurrent access when changing/removing on object as
the wrong object may be referenced. This module is affected by this deficiency.
seealso: seealso:
- module: mso_schema_site_bd - module: mso_schema_site_bd
- module: mso_schema_template_bd - module: mso_schema_template_bd

View file

@ -60,6 +60,10 @@ options:
type: str type: str
choices: [ absent, present, query ] choices: [ absent, present, query ]
default: present default: present
notes:
- The ACI MultiSite PATCH API has a deficiency requiring some objects to be referenced by index.
This can cause silent corruption on concurrent access when changing/removing on object as
the wrong object may be referenced. This module is affected by this deficiency.
seealso: seealso:
- module: mso_schema_site_vrf_region - module: mso_schema_site_vrf_region
- module: mso_schema_site_vrf_region_cidr_subnet - module: mso_schema_site_vrf_region_cidr_subnet
@ -204,6 +208,7 @@ def main():
cidrs = [c['ip'] for c in schema_obj['sites'][site_idx]['vrfs'][vrf_idx]['regions'][region_idx]['cidrs']] cidrs = [c['ip'] for c in schema_obj['sites'][site_idx]['vrfs'][vrf_idx]['regions'][region_idx]['cidrs']]
if cidr is not None and cidr in cidrs: if cidr is not None and cidr in cidrs:
cidr_idx = cidrs.index(cidr) cidr_idx = cidrs.index(cidr)
# FIXME: Changes based on index are DANGEROUS
cidr_path = '/sites/{0}/vrfs/{1}/regions/{2}/cidrs/{3}'.format(site_template, vrf, region, cidr_idx) cidr_path = '/sites/{0}/vrfs/{1}/regions/{2}/cidrs/{3}'.format(site_template, vrf, region, cidr_idx)
mso.existing = schema_obj['sites'][site_idx]['vrfs'][vrf_idx]['regions'][region_idx]['cidrs'][cidr_idx] mso.existing = schema_obj['sites'][site_idx]['vrfs'][vrf_idx]['regions'][region_idx]['cidrs'][cidr_idx]

View file

@ -65,6 +65,10 @@ options:
type: str type: str
choices: [ absent, present, query ] choices: [ absent, present, query ]
default: present default: present
notes:
- The ACI MultiSite PATCH API has a deficiency requiring some objects to be referenced by index.
This can cause silent corruption on concurrent access when changing/removing on object as
the wrong object may be referenced. This module is affected by this deficiency.
seealso: seealso:
- module: mso_schema_site_vrf_region_cidr - module: mso_schema_site_vrf_region_cidr
- module: mso_schema_template_vrf - module: mso_schema_template_vrf
@ -221,6 +225,7 @@ def main():
subnets = [s['ip'] for s in schema_obj['sites'][site_idx]['vrfs'][vrf_idx]['regions'][region_idx]['cidrs'][cidr_idx]['subnets']] subnets = [s['ip'] for s in schema_obj['sites'][site_idx]['vrfs'][vrf_idx]['regions'][region_idx]['cidrs'][cidr_idx]['subnets']]
if subnet is not None and subnet in subnets: if subnet is not None and subnet in subnets:
subnet_idx = subnets.index(subnet) subnet_idx = subnets.index(subnet)
# FIXME: Changes based on index are DANGEROUS
subnet_path = '/sites/{0}/vrfs/{1}/regions/{2}/cidrs/{3}/subnets/{4}'.format(site_template, vrf, region, cidr_idx, subnet_idx) subnet_path = '/sites/{0}/vrfs/{1}/regions/{2}/cidrs/{3}/subnets/{4}'.format(site_template, vrf, region, cidr_idx, subnet_idx)
mso.existing = schema_obj['sites'][site_idx]['vrfs'][vrf_idx]['regions'][region_idx]['cidrs'][cidr_idx]['subnets'][subnet_idx] mso.existing = schema_obj['sites'][site_idx]['vrfs'][vrf_idx]['regions'][region_idx]['cidrs'][cidr_idx]['subnets'][subnet_idx]

View file

@ -214,8 +214,7 @@ def main():
contract_ref = mso.contract_ref(**contract) contract_ref = mso.contract_ref(**contract)
if (contract_ref, contract['type']) in contracts: if (contract_ref, contract['type']) in contracts:
contract_idx = contracts.index((contract_ref, contract['type'])) contract_idx = contracts.index((contract_ref, contract['type']))
# FIXME: Changes based on index are DANGEROUS contract_path = '/templates/{0}/anps/{1}/epgs/{2}/contractRelationships/{3}'.format(template, anp, epg, contract)
contract_path = '/templates/{0}/anps/{1}/epgs/{2}/contractRelationships/{3}'.format(template, anp, epg, contract_idx)
mso.existing = schema_obj['templates'][template_idx]['anps'][anp_idx]['epgs'][epg_idx]['contractRelationships'][contract_idx] mso.existing = schema_obj['templates'][template_idx]['anps'][anp_idx]['epgs'][epg_idx]['contractRelationships'][contract_idx]
if state == 'query': if state == 'query':

View file

@ -244,8 +244,7 @@ def main():
filter_ref = mso.filter_ref(schema_id=filter_schema_id, template=filter_template, filter=filter_name) filter_ref = mso.filter_ref(schema_id=filter_schema_id, template=filter_template, filter=filter_name)
if filter_ref in filters: if filter_ref in filters:
filter_idx = filters.index(filter_ref) filter_idx = filters.index(filter_ref)
# FIXME: Changes based on index are DANGEROUS filter_path = '/templates/{0}/contracts/{1}/{2}/{3}'.format(template, contract, filter_key, filter_name)
filter_path = '/templates/{0}/contracts/{1}/{2}/{3}'.format(template, contract, filter_key, filter_idx)
mso.existing = schema_obj['templates'][template_idx]['contracts'][contract_idx][filter_key][filter_idx] mso.existing = schema_obj['templates'][template_idx]['contracts'][contract_idx][filter_key][filter_idx]
if state == 'query': if state == 'query':