Use never expiring alarm_url for resource attributes

Don't use timestamp when generating ec2 signed url for alarm url attributes of resource. This will resolve the issue for new resources even if they are cached in attributes or resource_data. However, for existing stacks containing these resources the current best option is to not cache these attributes and allow alarm resources to be able to get a new never expiring urls in the next forced update. Change-Id: If2ebc3deacb770294004ae023500367af603b59e Task: 39985 Related-Bug: #1872737
2020-06-05 23:30:09 +05:30 · 2020-06-05 23:30:09 +05:30 · d0e44ded0a
commit d0e44ded0a
parent 3047ca7d36
6 changed files with 21 additions and 16 deletions
--- a/heat/engine/resources/aws/autoscaling/scaling_policy.py
+++ b/heat/engine/resources/aws/autoscaling/scaling_policy.py
@ -83,7 +83,8 @@ class AWSScalingPolicy(heat_sp.AutoScalingPolicy):
    attributes_schema = {
        ALARM_URL: attributes.Schema(
            _("A signed url to handle the alarm. (Heat extension)."),
-            type=attributes.Schema.STRING
+            type=attributes.Schema.STRING,
+            cache_mode=attributes.Schema.CACHE_NONE
        ),
    }

@ -99,7 +100,7 @@ class AWSScalingPolicy(heat_sp.AutoScalingPolicy):

    def get_reference_id(self):
        if self.resource_id is not None:
-            return str(self._get_ec2_signed_url())
+            return str(self._get_ec2_signed_url(never_expire=True))
        else:
            return str(self.name)

--- a/heat/engine/resources/openstack/heat/scaling_policy.py
+++ b/heat/engine/resources/openstack/heat/scaling_policy.py
@ -98,7 +98,8 @@ class AutoScalingPolicy(signal_responder.SignalResponder):
    attributes_schema = {
        ALARM_URL: attributes.Schema(
            _("A signed url to handle the alarm."),
-            type=attributes.Schema.STRING
+            type=attributes.Schema.STRING,
+            cache_mode=attributes.Schema.CACHE_NONE
        ),
        SIGNAL_URL: attributes.Schema(
            _("A url to handle the alarm using native API."),
@ -185,7 +186,7 @@ class AutoScalingPolicy(signal_responder.SignalResponder):
        if self.resource_id is None:
            return
        if name == self.ALARM_URL:
-            return str(self._get_ec2_signed_url())
+            return str(self._get_ec2_signed_url(never_expire=True))
        elif name == self.SIGNAL_URL:
            return str(self._get_heat_signal_url())

--- a/heat/engine/resources/openstack/mistral/workflow.py
+++ b/heat/engine/resources/openstack/mistral/workflow.py
@ -375,7 +375,8 @@ class Workflow(signal_responder.SignalResponder,
        ALARM_URL: attributes.Schema(
            _("A signed url to create executions for workflows specified in "
              "Workflow resource."),
-            type=attributes.Schema.STRING
+            type=attributes.Schema.STRING,
+            cache_mode=attributes.Schema.CACHE_NONE
        ),
        EXECUTIONS: attributes.Schema(
            _("List of workflows' executions, each of them is a dictionary "
@ -660,7 +661,7 @@ class Workflow(signal_responder.SignalResponder,
                    self.INPUT: self.properties.get(self.INPUT)}

        elif name == self.ALARM_URL and self.resource_id is not None:
-            return str(self._get_ec2_signed_url())
+            return str(self._get_ec2_signed_url(never_expire=True))


 def resource_mapping():
--- a/heat/engine/resources/openstack/sahara/job.py
+++ b/heat/engine/resources/openstack/sahara/job.py
@ -180,7 +180,8 @@ class SaharaJob(signal_responder.SignalResponder, resource.Resource):
        DEFAULT_EXECUTION_URL: attributes.Schema(
            _("A signed url to create execution specified in "
              "default_execution_data property."),
-            type=attributes.Schema.STRING
+            type=attributes.Schema.STRING,
+            cache_mode=attributes.Schema.CACHE_NONE
        ),
        EXECUTIONS: attributes.Schema(
            _("List of the job executions."),
@ -296,7 +297,7 @@ class SaharaJob(signal_responder.SignalResponder, resource.Resource):

    def _resolve_attribute(self, name):
        if name == self.DEFAULT_EXECUTION_URL:
-            return str(self._get_ec2_signed_url())
+            return str(self._get_ec2_signed_url(never_expire=True))
        elif name == self.EXECUTIONS:
            try:
                job_execs = self.client().job_executions.find(
--- a/heat/engine/resources/signal_responder.py
+++ b/heat/engine/resources/signal_responder.py
@ -116,7 +116,8 @@ class SignalResponder(stack_user.StackUser):
                'domain_id': self.keystone().stack_domain_id,
                'region_name': self._get_region_name()}

-    def _get_ec2_signed_url(self, signal_type=SIGNAL):
+    def _get_ec2_signed_url(self, signal_type=SIGNAL,
+                            never_expire=False):
        """Create properly formatted and pre-signed URL.

        This uses the created user for the credentials.
@ -160,15 +161,16 @@ class SignalResponder(stack_user.StackUser):
        # need to calculate the signature with the path component unquoted, but
        # ensure the actual URL contains the quoted version...
        unquoted_path = parse.unquote(host_url.path + path)
+        params = {'SignatureMethod': 'HmacSHA256',
+                  'SignatureVersion': '2',
+                  'AWSAccessKeyId': access_key}
+        if not never_expire:
+            params['Timestamp'] = timeutils.utcnow().strftime(
+                "%Y-%m-%dT%H:%M:%SZ")
        request = {'host': host_url.netloc.lower(),
                   'verb': SIGNAL_VERB[signal_type],
                   'path': unquoted_path,
-                   'params': {'SignatureMethod': 'HmacSHA256',
-                              'SignatureVersion': '2',
-                              'AWSAccessKeyId': access_key,
-                              'Timestamp':
-                              timeutils.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
-                              }}
+                   'params': params}
        # Sign the request
        signer = ec2_utils.Ec2Signer(secret_key)
        request['params']['Signature'] = signer.generate(request)
--- a/heat/tests/autoscaling/test_heat_scaling_policy.py
+++ b/heat/tests/autoscaling/test_heat_scaling_policy.py
@ -182,7 +182,6 @@ class ScalingPolicyAttrTest(common.HeatTestCase):
        self.assertEqual('Signature', args[1].split('=')[0])
        self.assertEqual('SignatureMethod', args[2].split('=')[0])
        self.assertEqual('SignatureVersion', args[3].split('=')[0])
-        self.assertEqual('Timestamp', args[4].split('=')[0])

    def test_signal_attribute(self):
        heat_plugin = self.stack.clients.client_plugin('heat')