diff --git a/heat/common/config.py b/heat/common/config.py
index d4729e1fd..9b61a0fe5 100644
--- a/heat/common/config.py
+++ b/heat/common/config.py
@@ -321,6 +321,10 @@ def startup_sanity_check():
 '"stack_user_domain_name" without '
 '"stack_domain_admin" and '
 '"stack_domain_admin_password"'))
+ auth_key_len = len(cfg.CONF.auth_encryption_key)
+ if auth_key_len not in [16, 24, 32]:
+ raise exception.Error(_('heat.conf misconfigured, auth_encryption_key '
+ 'length must be 16, 24 or 32'))
 def list_opts():
diff --git a/heat/common/crypt.py b/heat/common/crypt.py
index 6b53058b2..07c3c72f4 100644
--- a/heat/common/crypt.py
+++ b/heat/common/crypt.py
@@ -16,13 +16,16 @@ import base64
 from Crypto.Cipher import AES
 from oslo_config import cfg
+from heat.common.i18n import _
 from heat.openstack.common.crypto import utils
 auth_opts = [
 cfg.StrOpt('auth_encryption_key',
- default='notgood but just long enough i think',
- help="Encryption key used for authentication info in database.")
+ default='notgood but just long enough i t',
+ help=_('Encryption key used for authentication '
+ 'info in database. Length of this key '
+ 'must be 16, 24 or 32'))
 ]
 cfg.CONF.register_opts(auth_opts)
diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py
index 31cb259f7..0ced36bae 100644
--- a/heat/tests/test_heatclient.py
+++ b/heat/tests/test_heatclient.py
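Review bot: In `startup_sanity_check` (heat/common/config.py), `len(cfg.CONF.auth_encryption_key)` counts the characters of the configured string, whereas AES key sizes are byte lengths, so a key containing non-ASCII characters can pass this check and still be the wrong size once it is turned into key bytes. How crypt.py converts the option into the AES key is not visible in this diff, so the check should measure the same byte form that code passes to the cipher; a comment such as `# AES accepts 16-, 24- or 32-byte keys; length is checked on the encoded key` would record that. Indentation is lost in this view, so it is also worth confirming that the new check sits at function level and not inside the preceding stack-domain `if`. The function body starts outside the hunk.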
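Review bot: The new default for `auth_encryption_key` in heat/common/crypt.py is a fixed string published in the source tree, and at 32 characters it satisfies the new startup length check, so a deployment that never sets the option starts cleanly and encrypts stored authentication info with a key anyone can read. Consider having `startup_sanity_check` log a warning, or refuse to start, when the configured value equals the shipped default, and extend the help text to say the value must be replaced with a randomly generated secret. The option is also not declared with `secret=True`, so oslo.config will not mask it when option values are logged; `cfg.StrOpt('auth_encryption_key', secret=True, ...)` would.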
@@ -1583,3 +1583,19 @@ class KeystoneClientTestDomainName(KeystoneClientTest):
 def test_create_stack_domain_user(self):
 p = super(KeystoneClientTestDomainName, self)
 p.test_create_stack_domain_user()
+
+
+class HeatClientTest(KeystoneClientTest):
+ """Test cases for heat.common.config"""
+
+ def setUp(self):
+ super(HeatClientTest, self).setUp()
+
+ def test_init_auth_encryption_key_length(self):
+ """Test for length of the auth_encryption_length in config file"""
+ cfg.CONF.set_override('auth_encryption_key', 'abcdefghijklma')
+ err = self.assertRaises(exception.Error,
+ config.startup_sanity_check)
+ exp_msg = ('heat.conf misconfigured, auth_encryption_key '
+ 'length must be 16, 24 or 32')
+ self.assertIn(exp_msg, six.text_type(err))
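Review bot: The `cfg.CONF.set_override('auth_encryption_key', 'abcdefghijklma')` call in `test_init_auth_encryption_key_length` has no visible cleanup; unless a base-class fixture resets CONF, add `self.addCleanup(cfg.CONF.clear_override, 'auth_encryption_key')` so the 14-character key does not leak into later tests that encrypt or decrypt credentials. `HeatClientTest` also subclasses `KeystoneClientTest`, so every inherited Keystone test runs a second time under this class although the docstring says it covers heat.common.config, and the `setUp` that only calls `super()` adds nothing. Only one rejected length is exercised; cases for the accepted lengths 16, 24 and 32 and for the neighbouring lengths 15 and 33 would pin the boundary of the check.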