multi-tenant snapshot-credentials potential file collision (data loss)

Description

Requirements: A blueprint which installs an agent into a cloudify.nodes.Compute

  • With a manager, create a second tenant

  • Upload the blueprint to both tenants*

  • Deploy the blueprint in both tenants, using the same name

  • Create a snapshot

When inspecting the snapshot archive, only one of the agent keys will be saved, this is because the naming scheme causes them to collide. e.g.:

  • It's not a requirement that both blueprints be the same, only that the deployment and node names both match!

Activity

Show:
Matt Wheeler
May 3, 2017, 4:25 PM

There's also a simpler case which will still cause data loss in the same way and with <4 versions too. A pair of deployments of different blueprints:

deployment_one with a node ID vm_name
deployment_one_vm with a node ID name

A decision should be made about whether a fix for this is going to be backported to any previous releases. If not, we can take a shortcut and convert file-based keys straight into secrets during the dump as well.
If we will backport, a new snapshot layout will be required, something like:

Assignee

Unassigned

Reporter

Matt Wheeler

Bug Type

None

Target Version

None

Severity

None

Affects versions

Configure