d91eea03ac
yaml.load() provides the ability to construct an arbitrary python object that may be dangerous. yaml.safe_load() limits this ability to simple python objects like integers or lists. ref: https://en.wikipedia.org/wiki/YAML#Security Change-Id: I9c28c25f4265fb691d39e72e20ef9c99f5538bf5
417 lines
14 KiB
Python
417 lines
14 KiB
Python
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
import mock
|
|
from oslo_config import cfg
|
|
from requests import exceptions
|
|
import six
|
|
import yaml
|
|
|
|
from heat.common import exception
|
|
from heat.common import identifier
|
|
from heat.common import template_format
|
|
from heat.common import urlfetch
|
|
from heat.engine import resource
|
|
from heat.engine.resources.aws.cfn import stack as stack_res
|
|
from heat.engine import rsrc_defn
|
|
from heat.engine import stack as parser
|
|
from heat.engine import template
|
|
from heat.objects import resource_data as resource_data_object
|
|
from heat.tests import common
|
|
from heat.tests import generic_resource as generic_rsrc
|
|
from heat.tests import utils
|
|
|
|
|
|
class NestedStackTest(common.HeatTestCase):
|
|
test_template = '''
|
|
HeatTemplateFormatVersion: '2012-12-12'
|
|
Resources:
|
|
the_nested:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: https://server.test/the.template
|
|
Parameters:
|
|
KeyName: foo
|
|
'''
|
|
|
|
nested_template = '''
|
|
HeatTemplateFormatVersion: '2012-12-12'
|
|
Parameters:
|
|
KeyName:
|
|
Type: String
|
|
Outputs:
|
|
Foo:
|
|
Value: bar
|
|
'''
|
|
|
|
update_template = '''
|
|
HeatTemplateFormatVersion: '2012-12-12'
|
|
Parameters:
|
|
KeyName:
|
|
Type: String
|
|
Outputs:
|
|
Bar:
|
|
Value: foo
|
|
'''
|
|
|
|
def setUp(self):
|
|
super(NestedStackTest, self).setUp()
|
|
self.patchobject(urlfetch, 'get')
|
|
|
|
def validate_stack(self, template):
|
|
t = template_format.parse(template)
|
|
stack = self.parse_stack(t)
|
|
res = stack.validate()
|
|
self.assertIsNone(res)
|
|
return stack
|
|
|
|
def parse_stack(self, t, data=None):
|
|
ctx = utils.dummy_context('test_username', 'aaaa', 'password')
|
|
stack_name = 'test_stack'
|
|
tmpl = template.Template(t)
|
|
stack = parser.Stack(ctx, stack_name, tmpl, adopt_stack_data=data)
|
|
stack.store()
|
|
return stack
|
|
|
|
@mock.patch.object(parser.Stack, 'total_resources')
|
|
def test_nested_stack_three_deep(self, tr):
|
|
root_template = '''
|
|
HeatTemplateFormatVersion: 2012-12-12
|
|
Resources:
|
|
Nested:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/depth1.template'
|
|
'''
|
|
depth1_template = '''
|
|
HeatTemplateFormatVersion: 2012-12-12
|
|
Resources:
|
|
Nested:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/depth2.template'
|
|
'''
|
|
depth2_template = '''
|
|
HeatTemplateFormatVersion: 2012-12-12
|
|
Resources:
|
|
Nested:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/depth3.template'
|
|
Parameters:
|
|
KeyName: foo
|
|
'''
|
|
urlfetch.get.side_effect = [
|
|
depth1_template,
|
|
depth2_template,
|
|
self.nested_template]
|
|
|
|
tr.return_value = 2
|
|
|
|
self.validate_stack(root_template)
|
|
calls = [mock.call('https://server.test/depth1.template'),
|
|
mock.call('https://server.test/depth2.template'),
|
|
mock.call('https://server.test/depth3.template')]
|
|
urlfetch.get.assert_has_calls(calls)
|
|
|
|
@mock.patch.object(parser.Stack, 'total_resources')
|
|
def test_nested_stack_six_deep(self, tr):
|
|
tmpl = '''
|
|
HeatTemplateFormatVersion: 2012-12-12
|
|
Resources:
|
|
Nested:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/depth%i.template'
|
|
'''
|
|
root_template = tmpl % 1
|
|
depth1_template = tmpl % 2
|
|
depth2_template = tmpl % 3
|
|
depth3_template = tmpl % 4
|
|
depth4_template = tmpl % 5
|
|
depth5_template = tmpl % 6
|
|
depth5_template += '''
|
|
Parameters:
|
|
KeyName: foo
|
|
'''
|
|
|
|
urlfetch.get.side_effect = [
|
|
depth1_template,
|
|
depth2_template,
|
|
depth3_template,
|
|
depth4_template,
|
|
depth5_template,
|
|
self.nested_template]
|
|
|
|
tr.return_value = 5
|
|
|
|
t = template_format.parse(root_template)
|
|
stack = self.parse_stack(t)
|
|
stack['Nested'].root_stack_id = '1234'
|
|
|
|
res = self.assertRaises(exception.StackValidationFailed,
|
|
stack.validate)
|
|
self.assertIn('Recursion depth exceeds', six.text_type(res))
|
|
|
|
calls = [mock.call('https://server.test/depth1.template'),
|
|
mock.call('https://server.test/depth2.template'),
|
|
mock.call('https://server.test/depth3.template'),
|
|
mock.call('https://server.test/depth4.template'),
|
|
mock.call('https://server.test/depth5.template'),
|
|
mock.call('https://server.test/depth6.template')]
|
|
urlfetch.get.assert_has_calls(calls)
|
|
|
|
def test_nested_stack_four_wide(self):
|
|
root_template = '''
|
|
HeatTemplateFormatVersion: 2012-12-12
|
|
Resources:
|
|
Nested:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/depth1.template'
|
|
Parameters:
|
|
KeyName: foo
|
|
Nested2:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/depth2.template'
|
|
Parameters:
|
|
KeyName: foo
|
|
Nested3:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/depth3.template'
|
|
Parameters:
|
|
KeyName: foo
|
|
Nested4:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/depth4.template'
|
|
Parameters:
|
|
KeyName: foo
|
|
'''
|
|
urlfetch.get.return_value = self.nested_template
|
|
|
|
self.validate_stack(root_template)
|
|
calls = [mock.call('https://server.test/depth1.template'),
|
|
mock.call('https://server.test/depth2.template'),
|
|
mock.call('https://server.test/depth3.template'),
|
|
mock.call('https://server.test/depth4.template')]
|
|
urlfetch.get.assert_has_calls(calls, any_order=True)
|
|
|
|
@mock.patch.object(parser.Stack, 'total_resources')
|
|
def test_nested_stack_infinite_recursion(self, tr):
|
|
tmpl = '''
|
|
HeatTemplateFormatVersion: 2012-12-12
|
|
Resources:
|
|
Nested:
|
|
Type: AWS::CloudFormation::Stack
|
|
Properties:
|
|
TemplateURL: 'https://server.test/the.template'
|
|
'''
|
|
urlfetch.get.return_value = tmpl
|
|
t = template_format.parse(tmpl)
|
|
stack = self.parse_stack(t)
|
|
stack['Nested'].root_stack_id = '1234'
|
|
tr.return_value = 2
|
|
res = self.assertRaises(exception.StackValidationFailed,
|
|
stack.validate)
|
|
self.assertIn('Recursion depth exceeds', six.text_type(res))
|
|
expected_count = cfg.CONF.get('max_nested_stack_depth') + 1
|
|
self.assertEqual(expected_count, urlfetch.get.call_count)
|
|
|
|
def test_child_params(self):
|
|
t = template_format.parse(self.test_template)
|
|
stack = self.parse_stack(t)
|
|
nested_stack = stack['the_nested']
|
|
nested_stack.properties.data[nested_stack.PARAMETERS] = {'foo': 'bar'}
|
|
|
|
self.assertEqual({'foo': 'bar'}, nested_stack.child_params())
|
|
|
|
def test_child_template_when_file_is_fetched(self):
|
|
urlfetch.get.return_value = 'template_file'
|
|
t = template_format.parse(self.test_template)
|
|
stack = self.parse_stack(t)
|
|
nested_stack = stack['the_nested']
|
|
|
|
with mock.patch('heat.common.template_format.parse') as mock_parse:
|
|
mock_parse.return_value = 'child_template'
|
|
self.assertEqual('child_template', nested_stack.child_template())
|
|
mock_parse.assert_called_once_with('template_file')
|
|
|
|
def test_child_template_when_fetching_file_fails(self):
|
|
urlfetch.get.side_effect = exceptions.RequestException()
|
|
t = template_format.parse(self.test_template)
|
|
stack = self.parse_stack(t)
|
|
nested_stack = stack['the_nested']
|
|
self.assertRaises(ValueError, nested_stack.child_template)
|
|
|
|
def test_child_template_when_io_error(self):
|
|
msg = 'Failed to retrieve template'
|
|
urlfetch.get.side_effect = urlfetch.URLFetchError(msg)
|
|
t = template_format.parse(self.test_template)
|
|
stack = self.parse_stack(t)
|
|
nested_stack = stack['the_nested']
|
|
self.assertRaises(ValueError, nested_stack.child_template)
|
|
|
|
def test_refid(self):
|
|
t = template_format.parse(self.test_template)
|
|
stack = self.parse_stack(t)
|
|
nested_stack = stack['the_nested']
|
|
self.assertEqual('the_nested', nested_stack.FnGetRefId())
|
|
|
|
def test_refid_convergence_cache_data(self):
|
|
t = template_format.parse(self.test_template)
|
|
tmpl = template.Template(t)
|
|
ctx = utils.dummy_context()
|
|
cache_data = {'the_nested': {
|
|
'uuid': mock.ANY,
|
|
'id': mock.ANY,
|
|
'action': 'CREATE',
|
|
'status': 'COMPLETE',
|
|
'reference_id': 'the_nested_convg_mock'
|
|
}}
|
|
stack = parser.Stack(ctx, 'test_stack', tmpl, cache_data=cache_data)
|
|
nested_stack = stack['the_nested']
|
|
self.assertEqual('the_nested_convg_mock', nested_stack.FnGetRefId())
|
|
|
|
def test_get_attribute(self):
|
|
tmpl = template_format.parse(self.test_template)
|
|
ctx = utils.dummy_context('test_username', 'aaaa', 'password')
|
|
stack = parser.Stack(ctx, 'test',
|
|
template.Template(tmpl))
|
|
stack.store()
|
|
|
|
stack_res = stack['the_nested']
|
|
stack_res._store()
|
|
|
|
nested_t = template_format.parse(self.nested_template)
|
|
nested_stack = parser.Stack(ctx, 'test',
|
|
template.Template(nested_t))
|
|
nested_stack.store()
|
|
stack_res.nested = mock.Mock(return_value=nested_stack)
|
|
self.assertEqual('bar', stack_res.FnGetAtt('Outputs.Foo'))
|
|
|
|
|
|
class ResDataResource(generic_rsrc.GenericResource):
|
|
def handle_create(self):
|
|
self.data_set("test", 'A secret value', True)
|
|
|
|
|
|
class ResDataStackTest(common.HeatTestCase):
|
|
tmpl = '''
|
|
HeatTemplateFormatVersion: "2012-12-12"
|
|
Parameters:
|
|
KeyName:
|
|
Type: String
|
|
Resources:
|
|
res:
|
|
Type: "res.data.resource"
|
|
Outputs:
|
|
Foo:
|
|
Value: bar
|
|
'''
|
|
|
|
def setUp(self):
|
|
super(ResDataStackTest, self).setUp()
|
|
resource._register_class("res.data.resource", ResDataResource)
|
|
|
|
def create_stack(self, template):
|
|
t = template_format.parse(template)
|
|
stack = utils.parse_stack(t)
|
|
stack.create()
|
|
self.assertEqual((stack.CREATE, stack.COMPLETE), stack.state)
|
|
return stack
|
|
|
|
def test_res_data_delete(self):
|
|
stack = self.create_stack(self.tmpl)
|
|
res = stack['res']
|
|
stack.delete()
|
|
self.assertEqual((stack.DELETE, stack.COMPLETE), stack.state)
|
|
self.assertRaises(
|
|
exception.NotFound,
|
|
resource_data_object.ResourceData.get_val, res, 'test')
|
|
|
|
|
|
class NestedStackCrudTest(common.HeatTestCase):
|
|
nested_template = '''
|
|
HeatTemplateFormatVersion: '2012-12-12'
|
|
Parameters:
|
|
KeyName:
|
|
Type: String
|
|
Outputs:
|
|
Foo:
|
|
Value: bar
|
|
'''
|
|
|
|
def setUp(self):
|
|
super(NestedStackCrudTest, self).setUp()
|
|
|
|
self.ctx = utils.dummy_context('test_username', 'aaaa', 'password')
|
|
empty_template = {"HeatTemplateFormatVersion": "2012-12-12"}
|
|
self.stack = parser.Stack(self.ctx, 'test',
|
|
template.Template(empty_template))
|
|
self.stack.store()
|
|
|
|
self.patchobject(urlfetch, 'get', return_value=self.nested_template)
|
|
self.nested_parsed = yaml.safe_load(self.nested_template)
|
|
self.nested_params = {"KeyName": "foo"}
|
|
self.defn = rsrc_defn.ResourceDefinition(
|
|
'test_t_res',
|
|
'AWS::CloudFormation::Stack',
|
|
{"TemplateURL": "https://server.test/the.template",
|
|
"Parameters": self.nested_params})
|
|
self.res = stack_res.NestedStack('test_t_res',
|
|
self.defn, self.stack)
|
|
self.assertIsNone(self.res.validate())
|
|
self.res._store()
|
|
|
|
def test_handle_create(self):
|
|
self.res.create_with_template = mock.Mock(return_value=None)
|
|
|
|
self.res.handle_create()
|
|
|
|
self.res.create_with_template.assert_called_once_with(
|
|
self.nested_parsed, self.nested_params, None, adopt_data=None)
|
|
|
|
def test_handle_adopt(self):
|
|
self.res.create_with_template = mock.Mock(return_value=None)
|
|
|
|
self.res.handle_adopt(resource_data={'resource_id': 'fred'})
|
|
|
|
self.res.create_with_template.assert_called_once_with(
|
|
self.nested_parsed, self.nested_params, None,
|
|
adopt_data={'resource_id': 'fred'})
|
|
|
|
def test_handle_update(self):
|
|
self.res.update_with_template = mock.Mock(return_value=None)
|
|
|
|
self.res.handle_update(self.defn, None, None)
|
|
|
|
self.res.update_with_template.assert_called_once_with(
|
|
self.nested_parsed, self.nested_params, None)
|
|
|
|
def test_handle_delete(self):
|
|
self.res.rpc_client = mock.MagicMock()
|
|
self.res.action = self.res.CREATE
|
|
self.res.nested = mock.MagicMock()
|
|
stack_identity = identifier.HeatIdentifier(
|
|
self.ctx.tenant_id,
|
|
self.res.physical_resource_name(),
|
|
self.res.resource_id)
|
|
self.res.nested().identifier.return_value = stack_identity
|
|
self.res.handle_delete()
|
|
self.res.rpc_client.return_value.delete_stack.assert_called_once_with(
|
|
self.ctx, self.res.nested().identifier())
|