openstack/ironic-python-agent
Code Issues Proposed changes

Fix checksum validation logic

Browse Source 
The checksum validation logic, which was updated early on in the
whole process of deprecating md5, didn't account for a URL *or* a
longer checksum (i.e. sha256/sha512) which was decided while the
overall approach was being decided.

Fixes the logic, and adds additional tests.

Change-Id: Ic4053776e131fc02ace295a1e69e9f9faab47f42
This commit is contained in:
Julia Kreger 2023-05-02 17:24:57 -07:00
parent f37ea85a27
commit c05fdf790c
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ironic_python_agent/extensions/standby.py
View File

@ -535,6 +535,7 @@ def _validate_image_info(ext, image_info=None, **kwargs):
""" """
image_info = image_info or {} image_info = image_info or {}
checksum_avail = False
md5sum_avail = False md5sum_avail = False
os_hash_checksum_avail = False os_hash_checksum_avail = False
@ -553,7 +554,12 @@ def _validate_image_info(ext, image_info=None, **kwargs):
or not image_info['checksum']): or not image_info['checksum']):
raise errors.InvalidCommandParamsError( raise errors.InvalidCommandParamsError(
'Image \'checksum\' must be a non-empty string.') 'Image \'checksum\' must be a non-empty string.')
if CONF.md5_enabled: if _is_checksum_url(checksum) or len(checksum) > 32:
# Checksum is a URL *or* a greater than 32 characters,
# putting it into the realm of sha256 or sha512 and not
# the MD5 algorithm.
checksum_avail = True
elif CONF.md5_enabled:
md5sum_avail = True md5sum_avail = True
os_hash_algo = image_info.get('os_hash_algo') os_hash_algo = image_info.get('os_hash_algo')
@ -569,7 +575,7 @@ def _validate_image_info(ext, image_info=None, **kwargs):
'Image \'os_hash_value\' must be a non-empty string.') 'Image \'os_hash_value\' must be a non-empty string.')
os_hash_checksum_avail = True os_hash_checksum_avail = True
if not (md5sum_avail or os_hash_checksum_avail): if not (checksum_avail or md5sum_avail or os_hash_checksum_avail):
raise errors.InvalidCommandParamsError( raise errors.InvalidCommandParamsError(
'Image checksum is not available, either the \'checksum\' field ' 'Image checksum is not available, either the \'checksum\' field '
'or the \'os_hash_algo\' and \'os_hash_value\' fields pair must ' 'or the \'os_hash_algo\' and \'os_hash_value\' fields pair must '

14
ironic_python_agent/tests/unit/extensions/test_standby.py
View File

@ -108,6 +108,20 @@ class TestStandbyExtension(base.IronicAgentTest):
del image_info['os_hash_value'] del image_info['os_hash_value']
standby._validate_image_info(None, image_info) standby._validate_image_info(None, image_info)
def test_validate_image_info_url(self):
image_info = _build_fake_image_info()
image_info['checksum'] = 'https://fake.url'
del image_info['os_hash_algo']
del image_info['os_hash_value']
standby._validate_image_info(None, image_info)
def test_validate_image_info_sha256(self):
image_info = _build_fake_image_info()
image_info['checksum'] = 'a' * 64
del image_info['os_hash_algo']
del image_info['os_hash_value']
standby._validate_image_info(None, image_info)
def test_validate_image_info_legacy_md5_checksum(self): def test_validate_image_info_legacy_md5_checksum(self):
image_info = _build_fake_image_info() image_info = _build_fake_image_info()
del image_info['os_hash_algo'] del image_info['os_hash_algo']