Check if encoded user credential may get truncated
In some deployments, user passwords are generated by other authentication infrastructures where the length of the Base64 encoded credentials is longer than the DB limit. This patch checks if the encoded credential might be truncated when it is generated and fail early during stack creation, or else it will cause troubles later on when operating the stack. Change-Id: I901b9e39dd0d394991520fea1f527e250c2c9680 Partial-Bug: 1386213
This commit is contained in:
parent
9168e026b9
commit
0d9af5c683
@ -482,6 +482,9 @@ def user_creds_create(context):
|
||||
else:
|
||||
user_creds_ref.update(values)
|
||||
method, password = _encrypt(values['password'])
|
||||
if len(six.text_type(password)) > 255:
|
||||
raise exception.Error(_("Length of OS_PASSWORD after encryption"
|
||||
" exceeds Heat limit (255 chars)"))
|
||||
user_creds_ref.password = password
|
||||
user_creds_ref.decrypt_method = method
|
||||
user_creds_ref.save(_session(context))
|
||||
|
@ -758,6 +758,15 @@ class SqlAlchemyTest(common.HeatTestCase):
|
||||
self.assertIsNone(load_creds.get('trust_id'))
|
||||
self.assertIsNone(load_creds.get('trustor_user_id'))
|
||||
|
||||
def test_user_creds_password_too_long(self):
|
||||
self.ctx.trust_id = None
|
||||
self.ctx.password = 'O123456789O1234567' * 20
|
||||
error = self.assertRaises(exception.Error,
|
||||
db_api.user_creds_create,
|
||||
self.ctx)
|
||||
self.assertIn('Length of OS_PASSWORD after encryption exceeds '
|
||||
'Heat limit (255 chars)', six.text_type(error))
|
||||
|
||||
def test_user_creds_trust(self):
|
||||
self.ctx.username = None
|
||||
self.ctx.password = None
|
||||
|
Loading…
Reference in New Issue
Block a user