From 1dbb189270cffc0edf0721815582b39ab2776031 Mon Sep 17 00:00:00 2001
From: Rajiv Kumar <rajiv.kumar@nectechnologies.in>
Date: Mon, 30 Mar 2015 10:32:44 +0530
Subject: [PATCH] auth_encryption_key is being checked to be 16, 24, or 32

If auth_encryption_key length is not 16 or 24 or 32 in that case
heat operations such as stack-creates fails. This check has been
added.

Change-Id: Ic653d18dbb7523ca5286ae0951eb86ad72cbdb13
Closes-bug: #1415887
---
 heat/common/config.py         |  4 ++++
 heat/common/crypt.py          |  7 +++++--
 heat/tests/test_heatclient.py | 16 ++++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/heat/common/config.py b/heat/common/config.py
index 9d4a67b25c..8d9a516c24 100644
--- a/heat/common/config.py
+++ b/heat/common/config.py
@@ -315,6 +315,10 @@ def startup_sanity_check():
                                     '"stack_user_domain_name" without '
                                     '"stack_domain_admin" and '
                                     '"stack_domain_admin_password"'))
+    auth_key_len = len(cfg.CONF.auth_encryption_key)
+    if auth_key_len not in [16, 24, 32]:
+        raise exception.Error(_('heat.conf misconfigured, auth_encryption_key '
+                                'length must be 16, 24 or 32'))
 
 
 def list_opts():
diff --git a/heat/common/crypt.py b/heat/common/crypt.py
index 6b53058b20..07c3c72f45 100644
--- a/heat/common/crypt.py
+++ b/heat/common/crypt.py
@@ -16,13 +16,16 @@ import base64
 from Crypto.Cipher import AES
 from oslo_config import cfg
 
+from heat.common.i18n import _
 from heat.openstack.common.crypto import utils
 
 
 auth_opts = [
     cfg.StrOpt('auth_encryption_key',
-               default='notgood but just long enough i think',
-               help="Encryption key used for authentication info in database.")
+               default='notgood but just long enough i t',
+               help=_('Encryption key used for authentication '
+                      'info in database. Length of this key '
+                      'must be 16, 24 or 32'))
 ]
 
 cfg.CONF.register_opts(auth_opts)
diff --git a/heat/tests/test_heatclient.py b/heat/tests/test_heatclient.py
index 31cb259f74..0ced36bae9 100644
--- a/heat/tests/test_heatclient.py
+++ b/heat/tests/test_heatclient.py
@@ -1583,3 +1583,19 @@ class KeystoneClientTestDomainName(KeystoneClientTest):
     def test_create_stack_domain_user(self):
         p = super(KeystoneClientTestDomainName, self)
         p.test_create_stack_domain_user()
+
+
+class HeatClientTest(KeystoneClientTest):
+    """Test cases for heat.common.config"""
+
+    def setUp(self):
+        super(HeatClientTest, self).setUp()
+
+    def test_init_auth_encryption_key_length(self):
+        """Test for length of the auth_encryption_length in config file"""
+        cfg.CONF.set_override('auth_encryption_key', 'abcdefghijklma')
+        err = self.assertRaises(exception.Error,
+                                config.startup_sanity_check)
+        exp_msg = ('heat.conf misconfigured, auth_encryption_key '
+                   'length must be 16, 24 or 32')
+        self.assertIn(exp_msg, six.text_type(err))