openstack/nova
Code Issues Proposed changes
2ffcf18d00
nova/nova/compute
History
Nikola Dipanov 2ffcf18d00 consoleauth: Store access_url on token authorization 
Related-bug: 1409142

As part of the fix for the related bug - we've added protocol checking
to mitigate MITM attacks, however we base protocol checking on a config
option that is normally only intended for compute hosts.

This is quite user hostile, as it is now important that all nodes
running compute and proxy services have this option in sync.

We can do better than that - we can persist the URL the client is
expected to use, and once we get it back on token validation, we can
make sure that the request is using the intended protocol, mitigating
the MITM injected script attacks.

This patch makes sure that the access_url is persisted with the token -
the follow-up patch makes consoles use that info.

Change-Id: I02a377f54de46536ca35413b615d3298967afc33
2015-04-07 16:54:32 +01:00
..
monitors Don't add exception instance in LOG.exception 2015-03-09 09:57:25 +00:00
resources Use oslo.log 2015-02-22 07:56:40 -05:00
__init__.py Switch to using oslo_* instead of oslo.* 2015-02-06 06:03:10 -05:00
api.py consoleauth: Store access_url on token authorization 2015-04-07 16:54:32 +01:00
arch.py Add amd64 to arch.canonicalize() 2014-09-08 08:08:00 -07:00
build_results.py Compute Add build_instance hook in compute manager 2014-12-04 10:12:00 -05:00
cells_api.py consoleauth: Store access_url on token authorization 2015-04-07 16:54:32 +01:00
claims.py objects: introduce numa topology limits objects 2015-03-12 16:39:49 -04:00
cpumodel.py Add VirtCPUModel nova objects 2015-02-09 10:26:10 +11:00
flavors.py Merge "Avoid KeyError Exception in extract_flavor()" 2015-03-23 06:59:11 +00:00
hv_type.py compute: rename hvtype.py to hv_type.py 2014-11-20 11:26:39 +00:00
instance_actions.py Add missing instance action record for start of live migration 2014-09-24 10:14:42 +08:00
manager.py Merge "Cancel all waiting events during compute node shutdown" 2015-04-06 23:39:43 +00:00
power_state.py Remove underscore for the STATE_MAP variable 2014-02-17 03:01:45 -08:00
resource_tracker.py Merge "Move ComputeNode creation at init stage in ResourceTracker" 2015-03-27 19:28:47 +00:00
rpcapi.py Handle nova-network tuple format in legacy RPC calls 2015-03-31 15:32:45 -07:00
stats.py Switch to using oslo_* instead of oslo.* 2015-02-06 06:03:10 -05:00
task_states.py Recover from REBOOT-* state on compute manager start-up 2014-03-12 10:00:54 +00:00
utils.py Truncate encoded instance sys meta to 255 or less 2015-03-04 20:17:08 -06:00
vm_mode.py Convert nova.compute.* to use instance dot notation 2015-02-25 17:21:36 -05:00
vm_states.py Recover from REBOOT-* state on compute manager start-up 2014-03-12 10:00:54 +00:00