openstack
/
heat
Code Issues Proposed changes
heat/heat/common
History
Zane Bitter 8ce005cc0e Fix entropy problems with OS::Random::String 
When generating a random string, once we had selected from the various
required pools, we continued by selecting a pool at random and then
selecting a character from that pool at random. This did not take into
account the differing sizes of the available pools, nor the fact that the
same character could appear in multiple pools, which resulted in a
non-uniform probability distribution of characters. Since users mostly make
use of this feature to generate default passwords for services they are
deploying, this would result in the generated passwords having slightly
less entropy than expected (and pathological cases were possible).

Rectify this by always selecting non-constrained characters from a single
combined pool, and by ensuring that each character appears only once in any
pool we're selecting from.

Since we also want to use this method to generate passwords for OpenStack
Users, the new implementation is in a separate module in heat.common rather
than mixed in with the resource's logic. Also, use a StringIO object to
collect the characters rather than repeatedly appending to a string.

Change-Id: Ia7b63e72c1e3c0649290caf4fea8a32f7f89560b
Closes-Bug: #1757300
Related-Bug: #1666129
Related-Bug: #1444429
(cherry picked from commit 6e16c051ba)
 		2018-04-06 10:30:56 -04:00
..
__init__.py Empty files shouldn't contain copyright nor license 2013-12-24 20:29:31 +08:00
auth_password.py Sync context with oslo.context 2016-06-17 11:46:00 +10:00
auth_url.py Make auth_url lookup dynamic 2016-03-04 17:35:52 +01:00
cache.py Use caching for resource name/id finders 2016-02-18 17:52:03 +05:30
config.py Do not count events for every event created 2016-11-29 12:01:26 -08:00
context.py Cache policy enforcer 2017-07-27 01:55:24 +00:00
crypt.py Refactor, add encrypt/decrypt data dict functions to crypt 2016-11-28 20:31:49 -08:00
custom_backend_auth.py Fix some inconsistency in docstrings 2015-12-29 01:40:42 +08:00
endpoint_utils.py Use keystone session in endpoint_utils 2016-09-06 09:48:59 +05:30
environment_format.py Add new environment section for merge strategies 2016-08-19 08:54:30 +05:30
environment_util.py Fix string declaration in environment_util.py 2016-12-23 01:43:44 +00:00
exception.py Pass on outputs errors to parent stacks 2017-03-16 19:14:02 +00:00
grouputils.py InstanceGroup to keep FAILED resources in template 2016-01-21 22:22:31 -05:00
i18n.py Fix unfortunate spelling error 2016-04-04 12:43:16 -04:00
identifier.py Fix [H405] pep rule in heat/common 2015-10-08 15:13:52 +03:00
lifecycle_plugin_utils.py Fix [H405] pep rule in heat/common 2015-10-08 15:13:52 +03:00
messaging.py Set access_policy for messaging's dispatcher 2017-01-03 02:42:31 +00:00
netutils.py Add dns constraints 2016-07-26 10:01:06 +05:30
noauth.py Add noauth middleware 2016-10-13 11:49:19 -04:00
param_utils.py Convert props form delimited params to lists 2016-08-26 17:43:33 +05:30
password_gen.py Fix entropy problems with OS::Random::String 2018-04-06 10:30:56 -04:00
plugin_loader.py Update the rest of the code to satisfy flake8 in a py34 env 2015-04-24 11:53:43 +05:30
pluginutils.py Fix no message attribute in exception 2017-07-27 01:28:55 +00:00
policy.py Cache policy enforcer 2017-07-27 01:55:24 +00:00
profiler.py Support new osprofiler API 2016-12-12 09:39:17 +00:00
serializers.py Stop showing json deserialized message in log 2017-03-07 13:10:23 -05:00
service_utils.py Move some functions to service_utils 2016-06-01 03:57:04 +00:00
short_id.py Some lambda were replaced on def 2015-09-23 11:35:29 +01:00
template_format.py Parse JSON as JSON when converting to YAML 2016-08-16 17:44:36 -04:00
timeutils.py Restore timezone information in API response 2016-09-07 23:29:50 +02:00
urlfetch.py Prevent template validate from scanning ports 2016-10-18 16:43:24 +02:00
wsgi.py Using oslo_config's min attribute in heat 2016-08-24 05:36:47 +00:00