components/openstack/heat/patches/01-CVE-2014-3801.patch
branchs11-update
changeset 3320 f9d413d0e202
3319:2f17d2251460 3320:f9d413d0e202
       
     1 Patch for Upstream bug 1311223.  This addresses CVE-2014-3801.  It has
       
     2 been fixed in Icehouse 2014.1.1 and Havana 2013.2.4.
       
     3 
       
     4 From 7e114a38712da8947ee7ad93eabda34f5e4aa65a Mon Sep 17 00:00:00 2001
       
     5 From: Angus Salkeld <[email protected]>
       
     6 Date: Thu, 1 May 2014 11:20:55 +1000
       
     7 Subject: Don't dynamically create provider types in the global env
       
     8 
       
     9 Only support this in user environments.
       
    10 Note: this is only when you have the following in your template
       
    11 resources:
       
    12   thingy:
       
    13     type: http://example.com/foo.template
       
    14 
       
    15 Doing this will avoid tenant-specific provider template URLs being
       
    16 shown globally in the resource-type listing.
       
    17 
       
    18 Co-Authored-By: Angus Salkeld <[email protected]>
       
    19 Closes-Bug: #1311223
       
    20 Change-Id: Ifa18108afacbda390b19b46a8f41bc4f018e95d6
       
    21 (cherry picked from commit a02ff20509171346d2a1d2a9df7c81aada134c52)
       
    22 
       
    23 diff --git a/heat/engine/environment.py b/heat/engine/environment.py
       
    24 index 6dd73f0..db9f2e2 100644
       
    25 --- a/heat/engine/environment.py
       
    26 +++ b/heat/engine/environment.py
       
    27 @@ -187,7 +187,10 @@ class ResourceRegistry(object):
       
    28          registry[name] = info
       
    29  
       
    30      def iterable_by(self, resource_type, resource_name=None):
       
    31 -        if resource_type.endswith(('.yaml', '.template')):
       
    32 +        is_templ_type = resource_type.endswith(('.yaml', '.template'))
       
    33 +        if self.global_registry is not None and is_templ_type:
       
    34 +            # we only support dynamic resource types in user environments
       
    35 +            # not the global environment.
       
    36              # resource with a Type == a template
       
    37              # we dynamically create an entry as it has not been registered.
       
    38              if resource_type not in self._registry:
       
    39 diff --git a/heat/tests/test_provider_template.py b/heat/tests/test_provider_template.py
       
    40 index 500cc59..e2af880 100644
       
    41 --- a/heat/tests/test_provider_template.py
       
    42 +++ b/heat/tests/test_provider_template.py
       
    43 @@ -398,6 +398,8 @@ class ProviderTemplateTest(HeatTestCase):
       
    44              self.assertIn(attrib, templ_resource.attributes)
       
    45          for k, v in json_snippet.get("Properties").items():
       
    46              self.assertEqual(v, templ_resource.properties[k])
       
    47 +        self.assertNotIn('WordPress_Single_Instance.yaml',
       
    48 +                         resources.global_env().registry._registry)
       
    49  
       
    50      def test_system_template_retrieve_by_file(self):
       
    51          # make sure that a TemplateResource defined in the global environment
       
    52 -- 
       
    53 cgit v0.10.1
       
    54
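Review bot: In `iterable_by`, the guard `self.global_registry is not None` is the only thing keeping tenant-supplied template types out of the shared registry, yet nothing on that line says what `None` means. The two added comment lines also sit directly above the older "resource with a Type == a template" comments, so the branch reads as if dynamic creation were refused there rather than permitted. I would replace the added pair with `# global_registry is None only on the global registry itself; create dynamic template types only in a user registry so tenant URLs never reach the shared listing`, assuming that is what `None` signifies, since the constructor is outside the hunk. The regression test only asserts that one file-name key, `'WordPress_Single_Instance.yaml'`, is absent from the global `_registry`; a second case using a URL type like the `http://example.com/foo.template` form in the commit message would pin the tenant-URL disclosure the description refers to. Both `iterable_by` and the test method continue outside the visible hunks, so the fall-through for a template type on the global registry cannot be checked from here.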