Use never expiring alarm_url for resource attributes

Don't use timestamp when generating ec2 signed url for alarm url
attributes of resource.

This will resolve the issue for new resources even if they are cached
in attributes or resource_data.

However, for existing stacks containing these resources the current
best option is to not cache these attributes and allow alarm resources
to be able to get a new never expiring urls in the next forced update.

Change-Id: If2ebc3deacb770294004ae023500367af603b59e
Task: 39985
Related-Bug: #1872737
This commit is contained in:
Rabi Mishra 2020-06-05 23:30:09 +05:30
parent 3047ca7d36
commit d0e44ded0a
6 changed files with 21 additions and 16 deletions

View File

@ -83,7 +83,8 @@ class AWSScalingPolicy(heat_sp.AutoScalingPolicy):
attributes_schema = {
ALARM_URL: attributes.Schema(
_("A signed url to handle the alarm. (Heat extension)."),
type=attributes.Schema.STRING
type=attributes.Schema.STRING,
cache_mode=attributes.Schema.CACHE_NONE
),
}
@ -99,7 +100,7 @@ class AWSScalingPolicy(heat_sp.AutoScalingPolicy):
def get_reference_id(self):
if self.resource_id is not None:
return str(self._get_ec2_signed_url())
return str(self._get_ec2_signed_url(never_expire=True))
else:
return str(self.name)

View File

@ -98,7 +98,8 @@ class AutoScalingPolicy(signal_responder.SignalResponder):
attributes_schema = {
ALARM_URL: attributes.Schema(
_("A signed url to handle the alarm."),
type=attributes.Schema.STRING
type=attributes.Schema.STRING,
cache_mode=attributes.Schema.CACHE_NONE
),
SIGNAL_URL: attributes.Schema(
_("A url to handle the alarm using native API."),
@ -185,7 +186,7 @@ class AutoScalingPolicy(signal_responder.SignalResponder):
if self.resource_id is None:
return
if name == self.ALARM_URL:
return str(self._get_ec2_signed_url())
return str(self._get_ec2_signed_url(never_expire=True))
elif name == self.SIGNAL_URL:
return str(self._get_heat_signal_url())

View File

@ -375,7 +375,8 @@ class Workflow(signal_responder.SignalResponder,
ALARM_URL: attributes.Schema(
_("A signed url to create executions for workflows specified in "
"Workflow resource."),
type=attributes.Schema.STRING
type=attributes.Schema.STRING,
cache_mode=attributes.Schema.CACHE_NONE
),
EXECUTIONS: attributes.Schema(
_("List of workflows' executions, each of them is a dictionary "
@ -660,7 +661,7 @@ class Workflow(signal_responder.SignalResponder,
self.INPUT: self.properties.get(self.INPUT)}
elif name == self.ALARM_URL and self.resource_id is not None:
return str(self._get_ec2_signed_url())
return str(self._get_ec2_signed_url(never_expire=True))
def resource_mapping():

View File

@ -180,7 +180,8 @@ class SaharaJob(signal_responder.SignalResponder, resource.Resource):
DEFAULT_EXECUTION_URL: attributes.Schema(
_("A signed url to create execution specified in "
"default_execution_data property."),
type=attributes.Schema.STRING
type=attributes.Schema.STRING,
cache_mode=attributes.Schema.CACHE_NONE
),
EXECUTIONS: attributes.Schema(
_("List of the job executions."),
@ -296,7 +297,7 @@ class SaharaJob(signal_responder.SignalResponder, resource.Resource):
def _resolve_attribute(self, name):
if name == self.DEFAULT_EXECUTION_URL:
return str(self._get_ec2_signed_url())
return str(self._get_ec2_signed_url(never_expire=True))
elif name == self.EXECUTIONS:
try:
job_execs = self.client().job_executions.find(

View File

@ -116,7 +116,8 @@ class SignalResponder(stack_user.StackUser):
'domain_id': self.keystone().stack_domain_id,
'region_name': self._get_region_name()}
def _get_ec2_signed_url(self, signal_type=SIGNAL):
def _get_ec2_signed_url(self, signal_type=SIGNAL,
never_expire=False):
"""Create properly formatted and pre-signed URL.
This uses the created user for the credentials.
@ -160,15 +161,16 @@ class SignalResponder(stack_user.StackUser):
# need to calculate the signature with the path component unquoted, but
# ensure the actual URL contains the quoted version...
unquoted_path = parse.unquote(host_url.path + path)
params = {'SignatureMethod': 'HmacSHA256',
'SignatureVersion': '2',
'AWSAccessKeyId': access_key}
if not never_expire:
params['Timestamp'] = timeutils.utcnow().strftime(
"%Y-%m-%dT%H:%M:%SZ")
request = {'host': host_url.netloc.lower(),
'verb': SIGNAL_VERB[signal_type],
'path': unquoted_path,
'params': {'SignatureMethod': 'HmacSHA256',
'SignatureVersion': '2',
'AWSAccessKeyId': access_key,
'Timestamp':
timeutils.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
}}
'params': params}
# Sign the request
signer = ec2_utils.Ec2Signer(secret_key)
request['params']['Signature'] = signer.generate(request)

View File

@ -182,7 +182,6 @@ class ScalingPolicyAttrTest(common.HeatTestCase):
self.assertEqual('Signature', args[1].split('=')[0])
self.assertEqual('SignatureMethod', args[2].split('=')[0])
self.assertEqual('SignatureVersion', args[3].split('=')[0])
self.assertEqual('Timestamp', args[4].split('=')[0])
def test_signal_attribute(self):
heat_plugin = self.stack.clients.client_plugin('heat')