ironic/releasenotes/notes/prevent-callback-url-from-being-updated-41d50b20fb236e82.yaml
Julia Kreger 25cc871450 Block ability update callback_url
A malicious user with:

* API access normally reserved for the provisioning,
  cleaning, rescue networks.
* Insight about a node, such as a MAC address, or baremetal node
  UUID.
* Insight into the state of the node, such as the access provided
  to Compute API users, or other Bare Metal API users.

Can submit an erroneous ``heartbeat`` to the ironic-api endpoint
with a ``callback_url`` that is not of the actual intended agent.
This can potentially cause a rescue, cleaning, or deployment
operation to be derailed, or at worst commands to be sent to
to an endpoint the malicious user controls.

Story: 2006773
Task: 37295
Change-Id: I1a5e3c2b34d45c06fb74e82d0f30735ce9041914
(cherry picked from commit 931c125982)
2019-12-16 22:17:22 +00:00

11 lines
498 B
YAML

---
security:
- |
Prevents additional updates of an agent ``callback_url`` through the agent
heartbeat ``/v1/heartbeat/<node_uuid>`` endpoint as the ``callback_url``
should remain stable through the cleaning, provisioning, or rescue
processes. Should anything such as an unexpected agent reboot cause the
``callback_url``, heartbeat operations will now be ignored.
More information can be found at
`story 2006773 <https://storyboard.openstack.org/#!/story/2006773>`_.