Merge "Validate tenant_id part of TempURL in clients"

2014-10-22 15:11:52 +00:00 · 2014-10-22 15:11:52 +00:00 · ce6dac20fe
commit ce6dac20fe
parent 065de8289c 4e174fc6ac
5 changed files with 33 additions and 30 deletions
--- a/contrib/rackspace/rackspace/clients.py
+++ b/contrib/rackspace/rackspace/clients.py
@ -178,6 +178,26 @@ class RackspaceCinderClient(cinder.CinderClientPlugin):
 class RackspaceSwiftClient(swift.SwiftClientPlugin):
    def is_valid_temp_url_path(self, path):
        '''Return True if path is a valid Swift TempURL path, False otherwise.
        A Swift TempURL path must:
        - Be five parts, ['', 'v1', 'account', 'container', 'object']
        - Be a v1 request
        - Have account, container, and object values
        - Have an object value with more than just '/'s
        :param path: The TempURL path
        :type path: string
        '''
        parts = path.split('/', 4)
        return bool(len(parts) == 5 and
                    not parts[0] and
                    parts[1] == 'v1' and
                    parts[2] and
                    parts[3] and
                    parts[4].strip('/'))
    def get_temp_url(self, container_name, obj_name, timeout=None):
        '''
        Return a Swift TempURL.
--- a/heat/engine/clients/os/swift.py
+++ b/heat/engine/clients/os/swift.py
@ -65,8 +65,7 @@ class SwiftClientPlugin(client_plugin.ClientPlugin):
        return (isinstance(ex, exceptions.ClientException) and
                ex.http_status == 409)
-    @staticmethod
+    def is_valid_temp_url_path(self, path):
    def is_valid_temp_url_path(path):
        '''Return True if path is a valid Swift TempURL path, False otherwise.
        A Swift TempURL path must:
@ -82,7 +81,7 @@ class SwiftClientPlugin(client_plugin.ClientPlugin):
        return bool(len(parts) == 5 and
                    not parts[0] and
                    parts[1] == 'v1' and
-                    parts[2] and
+                    parts[2].endswith(self.context.tenant_id) and
                    parts[3] and
                    parts[4].strip('/'))
--- a/heat/engine/resources/swiftsignal.py
+++ b/heat/engine/resources/swiftsignal.py
@ -212,9 +212,6 @@ class SwiftSignal(resource.Resource):
        if not sc.is_valid_temp_url_path(self.url.path):
            raise ValueError(msg % {'url': self.url.path,
                                    'part': 'Swift TempURL path'})
        if not parts[2].endswith(self.context.tenant_id):
            raise ValueError(msg % {'url': self.url.path,
                                    'part': 'tenant'})
        if not parts[3] == self.stack.id:
            raise ValueError(msg % {'url': self.url.path,
                                    'part': 'container name'})
--- a/heat/tests/test_swift_client.py
+++ b/heat/tests/test_swift_client.py
@ -23,8 +23,9 @@ class SwiftClientPluginTestCase(common.HeatTestCase):
    def setUp(self):
        super(SwiftClientPluginTestCase, self).setUp()
        self.swift_client = mock.Mock()
-        con = utils.dummy_context()
+        self.context = utils.dummy_context()
-        c = con.clients
+        self.context.tenant_id = "demo"
        c = self.context.clients
        self.swift_plugin = c.client_plugin('swift')
        self.swift_plugin._client = self.swift_client
@ -32,7 +33,6 @@ class SwiftClientPluginTestCase(common.HeatTestCase):
 class SwiftUtilsTests(SwiftClientPluginTestCase):
    def test_is_valid_temp_url_path(self):
        sc = swift.SwiftClientPlugin
        valids = [
            "/v1/AUTH_demo/c/o",
@ -41,7 +41,7 @@ class SwiftUtilsTests(SwiftClientPluginTestCase):
            "/v1/AUTH_demo/c/pseudo_folder/o",
        ]
        for url in valids:
-            self.assertTrue(sc.is_valid_temp_url_path(url))
+            self.assertTrue(self.swift_plugin.is_valid_temp_url_path(url))
        invalids = [
            "/v2/AUTH_demo/c/o",
@ -52,15 +52,16 @@ class SwiftUtilsTests(SwiftClientPluginTestCase):
            "//v1/AUTH_demo/c/o",
            "/v1/AUTH_demo/o",
            "/v1/AUTH_demo//o",
            "/v1/AUTH_d3mo//o",
            "/v1//c/o",
            "/v1/c/o",
        ]
        for url in invalids:
-            self.assertFalse(sc.is_valid_temp_url_path(url))
+            self.assertFalse(self.swift_plugin.is_valid_temp_url_path(url))
    def test_get_temp_url(self):
        self.swift_client.url = ("http://fake-host.com:8080/v1/"
-                                 "AUTH_test_tenant_id")
+                                 "AUTH_demo")
        self.swift_client.head_account = mock.Mock(return_value={
            'x-account-meta-temp-url-key': '123456'})
        self.swift_client.post_account = mock.Mock()
@ -71,7 +72,7 @@ class SwiftUtilsTests(SwiftClientPluginTestCase):
        obj_name = '%s-%s' % (stack_name, handle_name)
        url = self.swift_plugin.get_temp_url(container_name, obj_name)
        self.assertFalse(self.swift_client.post_account.called)
-        regexp = ("http://fake-host.com:8080/v1/AUTH_test_tenant_id/%s"
+        regexp = ("http://fake-host.com:8080/v1/AUTH_demo/%s"
                  "/%s\?temp_url_sig=[0-9a-f]{40}&"
                  "temp_url_expires=[0-9]{10}" %
                  (container_name, obj_name))
@ -82,7 +83,7 @@ class SwiftUtilsTests(SwiftClientPluginTestCase):
    def test_get_temp_url_no_account_key(self):
        self.swift_client.url = ("http://fake-host.com:8080/v1/"
-                                 "AUTH_test_tenant_id")
+                                 "AUTH_demo")
        self.swift_client.head_account = mock.Mock(return_value={})
        self.swift_client.post_account = mock.Mock()
        self.assertFalse(self.swift_client.post_account.called)
@ -96,7 +97,7 @@ class SwiftUtilsTests(SwiftClientPluginTestCase):
    def test_get_signal_url(self):
        self.swift_client.url = ("http://fake-host.com:8080/v1/"
-                                 "AUTH_test_tenant_id")
+                                 "AUTH_demo")
        self.swift_client.head_account = mock.Mock(return_value={
            'x-account-meta-temp-url-key': '123456'})
        self.swift_client.post_account = mock.Mock()
@ -108,7 +109,7 @@ class SwiftUtilsTests(SwiftClientPluginTestCase):
        url = self.swift_plugin.get_signal_url(container_name, obj_name)
        self.assertTrue(self.swift_client.put_container.called)
        self.assertTrue(self.swift_client.put_object.called)
-        regexp = ("http://fake-host.com:8080/v1/AUTH_test_tenant_id/%s"
+        regexp = ("http://fake-host.com:8080/v1/AUTH_demo/%s"
                  "/%s\?temp_url_sig=[0-9a-f]{40}&"
                  "temp_url_expires=[0-9]{10}" %
                  (container_name, obj_name))
--- a/heat/tests/test_swiftsignal.py
+++ b/heat/tests/test_swiftsignal.py
@ -329,20 +329,6 @@ class SwiftSignalTest(common.HeatTestCase):
        self.assertIn('not a valid SwiftSignalHandle.  The container name',
                      six.text_type(st.status_reason))
    @mock.patch.object(swift.SwiftClientPlugin, 'get_signal_url')
    def test_validate_handle_url_bad_tenant(self, mock_handle_url):
        stack_id = '1234'
        mock_handle_url.return_value = (
            "http://fake-host.com:8080/v1/AUTH_foo/%s/"
            "test_st-test_wait_condition_handle?temp_url_sig="
            "12d8f9f2c923fbeb555041d4ed63d83de6768e95&"
            "temp_url_expires=1404762741" % stack_id)
        st = create_stack(swiftsignal_template, stack_id=stack_id)
        st.create()
        self.assertIn('not a valid SwiftSignalHandle.  The tenant',
                      six.text_type(st.status_reason))
    @mock.patch.object(swift.SwiftClientPlugin, '_create')
    @mock.patch.object(resource.Resource, 'physical_resource_name')
    def test_multiple_signals_same_id_complete(self, mock_name, mock_swift):