Don't allow the user to pass in a trust ID

Since Aodh uses trust IDs stored in alarm URLs unconditionally - without checking for tenant safety - it is not safe to allow users to pass in their own trust IDs. Forbid this and allow only trusts created by Aodh to be used. It is highly unlikely that there is any (legitimate) use of this feature in the wild, since allowing Aodh to create the trust is easier anyway. (cherry-picked from cb90d3ad47) Change-Id: I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 Closes-Bug: #1649333
2017-08-15 12:19:08 +02:00 · 2017-08-15 12:19:08 +02:00 · 1f954b3b82
parent f87e0d05c4
commit 1f954b3b82
2 changed files with 4 additions and 1 deletions
--- a/aodh/api/controllers/v2/alarms.py
+++ b/aodh/api/controllers/v2/alarms.py
@ -412,6 +412,9 @@ class Alarm(base.Base):
                            url = list(url)
                            url[1] = netloc
                            actions[index] = urlparse.urlunsplit(url)
+                        else:
+                            errmsg = _("trust URL cannot contain a trust ID.")
+                            raise base.ClientSideError(errmsg)
        if old_alarm:
            new_actions = list(itertools.chain(
                self.ok_actions or [],
--- a/aodh/notifier/trust.py
+++ b/aodh/notifier/trust.py
@ -27,7 +27,7 @@ class TrustRestAlarmNotifier(rest.RestAlarmNotifier):
    keystone authentication. It uses the aodh service user to
    authenticate using the trust ID provided.

-    The URL must be in the form trust+http://trust-id@host/action.
+    The URL must be in the form trust+http://host/action.
    """

    def notify(self, action, alarm_id, alarm_name, severity, previous, current,