Project

General

Profile

Bug #52027

XML responses return different order of XML elements

Added by Daniel Iwan over 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
-
% Done:

100%

Source:
Tags:
sts role
Backport:
pacific octopus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Example operation ListRoles returns result as below.
This is different from AWS documentation https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html
which shows result is the first XML child, and ResponseMetadata is the last one.
Although order should not matter AWS Java SDK generic parsers require that and interpret first child as result.
See for example https://github.com/aws/aws-sdk-java-v2/blob/master/core/protocols/aws-query-protocol/src/main/java/software/amazon/awssdk/protocols/query/internal/unmarshall/QueryProtocolUnmarshaller.java
and unmarshall() line ~ 73 which states

XmlElement resultRoot = hasResultWrapper ? document.getFirstChild() : document;

The end result is that list of roles returned is empty, although RGW sent a valid XML.
This very likely affects other operations returning XML responses, causing incompatibility issues.

The problem has been added to AWS SDK as well https://github.com/aws/aws-sdk-java-v2/issues/2638
but current RGW's behaviour does not work with existing SDK and the issue may not be addressed since it is not applicable to AWS environment.

Example response from RGW

<ListRolesResponse>
<ResponseMetadata>
<RequestId>tx000000000000000000bf3-00610902d3-df5c88-something</RequestId>
</ResponseMetadata>
<ListRolesResult>
<Roles>
<member>
<RoleId>800c18b6-8259-4697-b1b0-7498d9487446</RoleId>
<RoleName>exampleRole</RoleName>
<Path>/base/</Path>
<Arn>arn:aws:iam::demo:role/base/exampleRole</Arn>
<CreateDate>2021-07-20T10:03:45.743Z</CreateDate>
<MaxSessionDuration>3600</MaxSessionDuration>
<AssumeRolePolicyDocument>{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Federated":["arn:aws:iam:::oidc-provider/localhost.example.com:8443/auth/realms/demo"]},"Action":["sts:AssumeRoleWithWebIdentity"],"Condition":[{"StringEquals":{"localhost.example.com:8443/auth/realms/demo:app_id":"account"}},{"StringEquals":{"localhost.example.com:8443/auth/realms/demo:sub":["c7d03371-6d87-4b46-80ef-518eec3f7aa6"]}}]}]}</AssumeRolePolicyDocument>
</member>
</Roles>
</ListRolesResult>
</ListRolesResponse>


Related issues

Copied to rgw - Backport #52348: pacific: XML responses return different order of XML elements Resolved
Copied to rgw - Backport #52349: octopus: XML responses return different order of XML elements Resolved

History

#1 Updated by Casey Bodley over 2 years ago

  • Assignee set to Casey Bodley

#2 Updated by Casey Bodley over 2 years ago

  • Status changed from New to Fix Under Review
  • Tags set to sts role
  • Backport set to pacific octopus
  • Pull request ID set to 42683

#3 Updated by Casey Bodley over 2 years ago

  • Status changed from Fix Under Review to Pending Backport

#4 Updated by Backport Bot over 2 years ago

  • Copied to Backport #52348: pacific: XML responses return different order of XML elements added

#5 Updated by Backport Bot over 2 years ago

  • Copied to Backport #52349: octopus: XML responses return different order of XML elements added

#6 Updated by Backport Bot over 1 year ago

  • Tags changed from sts role to sts role backport_processed

#7 Updated by Konstantin Shalygin over 1 year ago

  • Status changed from Pending Backport to Resolved
  • % Done changed from 0 to 100
  • Tags changed from sts role backport_processed to sts role

#8 Updated by Daniel Iwan over 1 year ago

Hi

I think this is not fully addressed.
I've added a comment to pull request https://github.com/ceph/ceph/pull/42683

Regards
Daniel

Also available in: Atom PDF