author | Drew Fisher <drew.fisher@oracle.com> |
Tue, 23 Sep 2014 17:50:12 -0700 | |
branch | s11u2-sru |
changeset 3327 | 5abdd1497a6a |
permissions | -rw-r--r-- |
3327
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
1 |
Patch for Upstream bug 1311223. This addresses CVE-2014-3801. It has |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
2 |
been fixed in Icehouse 2014.1.1 and Havana 2013.2.4. |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
3 |
|
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
4 |
From 7e114a38712da8947ee7ad93eabda34f5e4aa65a Mon Sep 17 00:00:00 2001 |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
5 |
From: Angus Salkeld <[email protected]> |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
6 |
Date: Thu, 1 May 2014 11:20:55 +1000 |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
7 |
Subject: Don't dynamically create provider types in the global env |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
8 |
|
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
9 |
Only support this in user environments. |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
10 |
Note: this is only when you have the following in your template |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
11 |
resources: |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
12 |
thingy: |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
13 |
type: http://example.com/foo.template |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
14 |
|
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
15 |
Doing this will avoid tenant-specific provider template URLs being |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
16 |
shown globally in the resource-type listing. |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
17 |
|
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
18 |
Co-Authored-By: Angus Salkeld <[email protected]> |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
19 |
Closes-Bug: #1311223 |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
20 |
Change-Id: Ifa18108afacbda390b19b46a8f41bc4f018e95d6 |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
21 |
(cherry picked from commit a02ff20509171346d2a1d2a9df7c81aada134c52) |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
22 |
|
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
23 |
diff --git a/heat/engine/environment.py b/heat/engine/environment.py |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
24 |
index 6dd73f0..db9f2e2 100644 |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
25 |
--- a/heat/engine/environment.py |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
26 |
+++ b/heat/engine/environment.py |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
27 |
@@ -187,7 +187,10 @@ class ResourceRegistry(object): |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
28 |
registry[name] = info |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
29 |
|
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
30 |
def iterable_by(self, resource_type, resource_name=None): |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
31 |
- if resource_type.endswith(('.yaml', '.template')): |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
32 |
+ is_templ_type = resource_type.endswith(('.yaml', '.template')) |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
33 |
+ if self.global_registry is not None and is_templ_type: |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
34 |
+ # we only support dynamic resource types in user environments |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
35 |
+ # not the global environment. |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
36 |
# resource with a Type == a template |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
37 |
# we dynamically create an entry as it has not been registered. |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
38 |
if resource_type not in self._registry: |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
39 |
diff --git a/heat/tests/test_provider_template.py b/heat/tests/test_provider_template.py |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
40 |
index 500cc59..e2af880 100644 |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
41 |
--- a/heat/tests/test_provider_template.py |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
42 |
+++ b/heat/tests/test_provider_template.py |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
43 |
@@ -398,6 +398,8 @@ class ProviderTemplateTest(HeatTestCase): |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
44 |
self.assertIn(attrib, templ_resource.attributes) |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
45 |
for k, v in json_snippet.get("Properties").items(): |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
46 |
self.assertEqual(v, templ_resource.properties[k]) |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
47 |
+ self.assertNotIn('WordPress_Single_Instance.yaml', |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
48 |
+ resources.global_env().registry._registry) |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
49 |
|
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
50 |
def test_system_template_retrieve_by_file(self): |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
51 |
# make sure that a TemplateResource defined in the global environment |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
52 |
-- |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
53 |
cgit v0.10.1 |
5abdd1497a6a
PSARC/2014/236 OpenStack Heat (OpenStack Orchestration Service)
Drew Fisher <drew.fisher@oracle.com>
parents:
diff
changeset
|
54 |