Revert "Fix Brocade FC SAN lookup MITM vulnerability"
This reverts commit ab4f572126.
The change is being reverted as it broke the Brocade FC SAN lookup
functionality. The change uses configuration options from
ssh_utils that are not initialized when the Brocade driver is
run causing an exception to be thrown complaining that
CONF.ssh_hosts_key_file is used before it is initialized.
The right solution is to change the Brocade driver to use ssh_utils to
make SSH connections.
Conflicts:
cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py
Change-Id: I7814c3da9c0e6fcf3143969e74304a48cafcb3d1
Closes-bug: 1398488
parent
d496b78795
commit
57103807c5
|
@ -42,8 +42,6 @@ _device_map_to_verify = {
|
|||
'initiator_port_wwn_list': ['10008c7cff523b01'],
|
||||
'target_port_wwn_list': ['20240002ac000a50']}}
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
|
||||
class TestBrcdFCSanLookupService(brcd_lookup.BrcdFCSanLookupService,
|
||||
test.TestCase):
|
||||
|
@ -79,14 +77,16 @@ class TestBrcdFCSanLookupService(brcd_lookup.BrcdFCSanLookupService,
|
|||
|
||||
@mock.patch.object(paramiko.hostkeys.HostKeys, 'load')
|
||||
def test_create_ssh_client(self, load_mock):
|
||||
CONF.ssh_hosts_key_file = 'dummy_host_key_file'
|
||||
CONF.strict_ssh_host_key_policy = True
|
||||
ssh_client = self.create_ssh_client()
|
||||
mock_args = {}
|
||||
mock_args['known_hosts_file'] = 'dummy_host_key_file'
|
||||
mock_args['missing_key_policy'] = paramiko.RejectPolicy()
|
||||
ssh_client = self.create_ssh_client(**mock_args)
|
||||
self.assertEqual(ssh_client._host_keys_filename, 'dummy_host_key_file')
|
||||
self.assertTrue(isinstance(ssh_client._policy, paramiko.RejectPolicy))
|
||||
CONF.strict_ssh_host_key_policy = False
|
||||
ssh_client = self.create_ssh_client()
|
||||
self.assertTrue(isinstance(ssh_client._policy, paramiko.AutoAddPolicy))
|
||||
mock_args = {}
|
||||
ssh_client = self.create_ssh_client(**mock_args)
|
||||
self.assertIsNone(ssh_client._host_keys_filename)
|
||||
self.assertTrue(isinstance(ssh_client._policy, paramiko.WarningPolicy))
|
||||
|
||||
@mock.patch.object(brcd_lookup.BrcdFCSanLookupService,
|
||||
'get_nameserver_info')
|
||||
|
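Review bot: The final assertion in `test_create_ssh_client` pins `paramiko.WarningPolicy` as the expected policy when no kwargs are passed, which makes accepting unknown host keys look like the intended contract rather than a stop-gap. A comment above that assertion, such as `# Default is WarningPolicy until the driver uses ssh_utils; unknown host keys are accepted on this path.`, would keep the weakening visible to the next reader. The type checks would also read better as `self.assertIsInstance(ssh_client._policy, paramiko.WarningPolicy)`, which reports the actual type on failure. The page lost its +/- markers, so which lines are on the new side is inferred from the hunk header and the commit title.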
|
|
@ -17,7 +17,6 @@
|
|||
#
|
||||
|
||||
|
||||
from oslo.config import cfg
|
||||
from oslo.utils import excutils
|
||||
import paramiko
|
||||
|
||||
|
@ -31,8 +30,6 @@ from cinder.zonemanager.fc_san_lookup_service import FCSanLookupService
|
|||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
|
||||
class BrcdFCSanLookupService(FCSanLookupService):
|
||||
"""The SAN lookup service that talks to Brocade switches.
|
||||
|
@ -49,7 +46,7 @@ class BrcdFCSanLookupService(FCSanLookupService):
|
|||
super(BrcdFCSanLookupService, self).__init__(**kwargs)
|
||||
self.configuration = kwargs.get('configuration', None)
|
||||
self.create_configuration()
|
||||
self.client = self.create_ssh_client()
|
||||
self.client = self.create_ssh_client(**kwargs)
|
||||
|
||||
def create_configuration(self):
|
||||
"""Configuration specific to SAN context values."""
|
||||
|
@ -64,16 +61,16 @@ class BrcdFCSanLookupService(FCSanLookupService):
|
|||
self.fabric_configs = fabric_opts.load_fabric_configurations(
|
||||
fabric_names)
|
||||
|
||||
def create_ssh_client(self):
|
||||
def create_ssh_client(self, **kwargs):
|
||||
ssh_client = paramiko.SSHClient()
|
||||
known_hosts_file = CONF.ssh_hosts_key_file
|
||||
if not known_hosts_file:
|
||||
raise exception.ParameterNotFound(param='ssh_hosts_key_file')
|
||||
ssh_client.load_host_keys(known_hosts_file)
|
||||
if CONF.strict_ssh_host_key_policy:
|
||||
missing_key_policy = paramiko.RejectPolicy()
|
||||
known_hosts_file = kwargs.get('known_hosts_file', None)
|
||||
if known_hosts_file is None:
|
||||
ssh_client.load_system_host_keys()
|
||||
else:
|
||||
missing_key_policy = paramiko.AutoAddPolicy()
|
||||
ssh_client.load_host_keys(known_hosts_file)
|
||||
missing_key_policy = kwargs.get('missing_key_policy', None)
|
||||
if missing_key_policy is None:
|
||||
missing_key_policy = paramiko.WarningPolicy()
|
||||
ssh_client.set_missing_host_key_policy(missing_key_policy)
|
||||
return ssh_client
|
||||
|
||||
|
|
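Review bot: When `missing_key_policy` is absent from kwargs, the restored `create_ssh_client(self, **kwargs)` falls back to `paramiko.WarningPolicy()`, which only logs a warning and then accepts a host key it has never seen. The switch's identity is therefore not verified on that path, which is the exposure the reverted commit was closing. `__init__` forwards its own `**kwargs`, and nothing visible in this section shows a caller supplying `known_hosts_file` or `missing_key_policy`, so the default is probably what runs in deployment. Until the driver is moved to ssh_utils as the description proposes, the fallback should at least carry a comment like `# NOTE: WarningPolicy accepts unknown host keys; host identity is NOT verified on this path.` and log at warning level when it is taken. The +/- markers are lost on this page, so the new side is inferred from the hunk header and the commit title.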