Use never expiring alarm_url for resource attributes
Don't use timestamp when generating ec2 signed url for alarm url
attributes of resource.
This will resolve the issue for new resources even if they are cached
in attributes or resource_data.
However, for existing stacks containing these resources the current
best option is to not cache these attributes and allow alarm resources
to be able to get a new never expiring urls in the next forced update.
Change-Id: If2ebc3deacb770294004ae023500367af603b59e
Task: 39985
Related-Bug: #1872737
(cherry picked from commit d0e44ded0a
)
This commit is contained in:
parent
a4346b3287
commit
eb8bfd530b
|
@ -85,7 +85,8 @@ class AWSScalingPolicy(heat_sp.AutoScalingPolicy):
|
|||
attributes_schema = {
|
||||
ALARM_URL: attributes.Schema(
|
||||
_("A signed url to handle the alarm. (Heat extension)."),
|
||||
type=attributes.Schema.STRING
|
||||
type=attributes.Schema.STRING,
|
||||
cache_mode=attributes.Schema.CACHE_NONE
|
||||
),
|
||||
}
|
||||
|
||||
|
@ -101,7 +102,7 @@ class AWSScalingPolicy(heat_sp.AutoScalingPolicy):
|
|||
|
||||
def get_reference_id(self):
|
||||
if self.resource_id is not None:
|
||||
return six.text_type(self._get_ec2_signed_url())
|
||||
return six.text_type(self._get_ec2_signed_url(never_expire=True))
|
||||
else:
|
||||
return six.text_type(self.name)
|
||||
|
||||
|
|
|
@ -99,7 +99,8 @@ class AutoScalingPolicy(signal_responder.SignalResponder):
|
|||
attributes_schema = {
|
||||
ALARM_URL: attributes.Schema(
|
||||
_("A signed url to handle the alarm."),
|
||||
type=attributes.Schema.STRING
|
||||
type=attributes.Schema.STRING,
|
||||
cache_mode=attributes.Schema.CACHE_NONE
|
||||
),
|
||||
SIGNAL_URL: attributes.Schema(
|
||||
_("A url to handle the alarm using native API."),
|
||||
|
@ -186,7 +187,7 @@ class AutoScalingPolicy(signal_responder.SignalResponder):
|
|||
if self.resource_id is None:
|
||||
return
|
||||
if name == self.ALARM_URL:
|
||||
return six.text_type(self._get_ec2_signed_url())
|
||||
return six.text_type(self._get_ec2_signed_url(never_expire=True))
|
||||
elif name == self.SIGNAL_URL:
|
||||
return six.text_type(self._get_heat_signal_url())
|
||||
|
||||
|
|
|
@ -376,7 +376,8 @@ class Workflow(signal_responder.SignalResponder,
|
|||
ALARM_URL: attributes.Schema(
|
||||
_("A signed url to create executions for workflows specified in "
|
||||
"Workflow resource."),
|
||||
type=attributes.Schema.STRING
|
||||
type=attributes.Schema.STRING,
|
||||
cache_mode=attributes.Schema.CACHE_NONE
|
||||
),
|
||||
EXECUTIONS: attributes.Schema(
|
||||
_("List of workflows' executions, each of them is a dictionary "
|
||||
|
@ -661,7 +662,7 @@ class Workflow(signal_responder.SignalResponder,
|
|||
self.INPUT: self.properties.get(self.INPUT)}
|
||||
|
||||
elif name == self.ALARM_URL and self.resource_id is not None:
|
||||
return six.text_type(self._get_ec2_signed_url())
|
||||
return six.text_type(self._get_ec2_signed_url(never_expire=True))
|
||||
|
||||
|
||||
def resource_mapping():
|
||||
|
|
|
@ -182,7 +182,8 @@ class SaharaJob(signal_responder.SignalResponder, resource.Resource):
|
|||
DEFAULT_EXECUTION_URL: attributes.Schema(
|
||||
_("A signed url to create execution specified in "
|
||||
"default_execution_data property."),
|
||||
type=attributes.Schema.STRING
|
||||
type=attributes.Schema.STRING,
|
||||
cache_mode=attributes.Schema.CACHE_NONE
|
||||
),
|
||||
EXECUTIONS: attributes.Schema(
|
||||
_("List of the job executions."),
|
||||
|
@ -298,7 +299,7 @@ class SaharaJob(signal_responder.SignalResponder, resource.Resource):
|
|||
|
||||
def _resolve_attribute(self, name):
|
||||
if name == self.DEFAULT_EXECUTION_URL:
|
||||
return six.text_type(self._get_ec2_signed_url())
|
||||
return six.text_type(self._get_ec2_signed_url(never_expire=True))
|
||||
elif name == self.EXECUTIONS:
|
||||
try:
|
||||
job_execs = self.client().job_executions.find(
|
||||
|
|
|
@ -114,7 +114,8 @@ class SignalResponder(stack_user.StackUser):
|
|||
'region_name': (self.context.region_name or
|
||||
cfg.CONF.region_name_for_services)}
|
||||
|
||||
def _get_ec2_signed_url(self, signal_type=SIGNAL):
|
||||
def _get_ec2_signed_url(self, signal_type=SIGNAL,
|
||||
never_expire=False):
|
||||
"""Create properly formatted and pre-signed URL.
|
||||
|
||||
This uses the created user for the credentials.
|
||||
|
@ -158,15 +159,16 @@ class SignalResponder(stack_user.StackUser):
|
|||
# need to calculate the signature with the path component unquoted, but
|
||||
# ensure the actual URL contains the quoted version...
|
||||
unquoted_path = urlparse.unquote(host_url.path + path)
|
||||
params = {'SignatureMethod': 'HmacSHA256',
|
||||
'SignatureVersion': '2',
|
||||
'AWSAccessKeyId': access_key}
|
||||
if not never_expire:
|
||||
params['Timestamp'] = timeutils.utcnow().strftime(
|
||||
"%Y-%m-%dT%H:%M:%SZ")
|
||||
request = {'host': host_url.netloc.lower(),
|
||||
'verb': SIGNAL_VERB[signal_type],
|
||||
'path': unquoted_path,
|
||||
'params': {'SignatureMethod': 'HmacSHA256',
|
||||
'SignatureVersion': '2',
|
||||
'AWSAccessKeyId': access_key,
|
||||
'Timestamp':
|
||||
timeutils.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
|
||||
}}
|
||||
'params': params}
|
||||
# Sign the request
|
||||
signer = ec2_utils.Ec2Signer(secret_key)
|
||||
request['params']['Signature'] = signer.generate(request)
|
||||
|
|
|
@ -183,7 +183,6 @@ class ScalingPolicyAttrTest(common.HeatTestCase):
|
|||
self.assertEqual('Signature', args[1].split('=')[0])
|
||||
self.assertEqual('SignatureMethod', args[2].split('=')[0])
|
||||
self.assertEqual('SignatureVersion', args[3].split('=')[0])
|
||||
self.assertEqual('Timestamp', args[4].split('=')[0])
|
||||
|
||||
def test_signal_attribute(self):
|
||||
heat_plugin = self.stack.clients.client_plugin('heat')
|
||||
|
|
Loading…
Reference in New Issue