Don't allow the user to pass in a trust ID

Since Aodh uses trust IDs stored in alarm URLs unconditionally - without
checking for tenant safety - it is not safe to allow users to pass in their own
trust IDs. Forbid this and allow only trusts created by Aodh to be used. It is
highly unlikely that there is any (legitimate) use of this feature in the wild,
since allowing Aodh to create the trust is easier anyway.

Change-Id: I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851
Closes-Bug: #1649333
This commit is contained in:
Zane Bitter 2017-08-15 12:19:08 +02:00 committed by Julien Danjou
parent a698264a29
commit cb90d3ad47
3 changed files with 4 additions and 3 deletions

View File

@ -423,7 +423,8 @@ class Alarm(base.Base):
url = netutils.urlsplit(action)
if self._is_trust_url(url):
if '@' in url.netloc:
continue
errmsg = _("trust URL cannot contain a trust ID.")
raise base.ClientSideError(errmsg)
if trust_id is None:
# We have a trust action without a trust ID,
# create it

View File

@ -55,5 +55,5 @@ class TrustRestAlarmNotifier(TrustAlarmNotifierMixin, rest.RestAlarmNotifier):
keystone authentication. It uses the aodh service user to
authenticate using the trust ID provided.
The URL must be in the form ``trust+http://trust-id@host/action``.
The URL must be in the form ``trust+http://host/action``.
"""

View File

@ -193,7 +193,7 @@ class TrustZaqarAlarmNotifier(trust.TrustAlarmNotifierMixin,
ZaqarAlarmNotifier):
"""Zaqar notifier using a Keystone trust to post to user-defined queues.
The URL must be in the form ``trust+zaqar://trust_id@?queue_name=example``.
The URL must be in the form ``trust+zaqar://?queue_name=example``.
"""
def _get_client_conf(self, auth_token):