openstack
/
heat
Code Issues Proposed changes

Check for missing param schema in encryption utility 

Closes-Bug: #1559302
Change-Id: Ic33a0304b1a325013eba0874bb605e86b0a57622
This commit is contained in:
Jason Dunsmore 2016-04-21 14:51:40 -05:00
parent 59084fa24e
commit 8cb315a23b
2 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
heat/db/sqlalchemy/api.py
View File

@ -1258,7 +1258,7 @@ def db_encrypt_parameters_and_properties(ctxt, encryption_key, batch_size=50,
if (not env or
'parameters' not in env or
not tmpl.param_schemata()):
not param_schemata):
continue
if 'encrypted_param_names' in env:
encrypted_params = env['encrypted_param_names']
@ -1266,9 +1266,10 @@ def db_encrypt_parameters_and_properties(ctxt, encryption_key, batch_size=50,
encrypted_params = []
for param_name, param_val in env['parameters'].items():
if ((param_name in encrypted_params) or
(not param_schemata[param_name].hidden)):
continue
if (param_name in encrypted_params or
param_name not in param_schemata or
not param_schemata[param_name].hidden):
continue
encrypted_val = crypt.encrypt(six.text_type(param_val),
encryption_key)
env['parameters'][param_name] = encrypted_val

13
heat/tests/db/test_sqlalchemy_api.py
View File

@ -11,6 +11,7 @@
# License for the specific language governing permissions and limitations
# under the License.
import copy
import datetime
import fixtures
import json
@ -3273,6 +3274,18 @@ class DBAPICryptParamsPropsTest(common.HeatTestCase):
self.assertNotIn("Successfully processed resource 1",
info_logger2.output)
def test_db_encrypt_no_param_schema(self):
t = copy.deepcopy(self.t)
del(t['parameters']['param2'])
template = {
'template': t,
'files': {'foo': 'bar'},
'environment': {'encrypted_param_names': [],
'parameters': {'param2': 'foo'}}}
db_api.raw_template_create(self.ctx, template)
self.assertEqual([], db_api.db_encrypt_parameters_and_properties(
self.ctx, cfg.CONF.auth_encryption_key))
def test_db_encrypt_non_string_param_type(self):
t = template_format.parse('''
heat_template_version: 2013-05-23