From cb90d3ad472bba8d648803ca94a9196dff97f0e8 Mon Sep 17 00:00:00 2001
From: Zane Bitter <zbitter@redhat.com>
Date: Tue, 15 Aug 2017 12:19:08 +0200
Subject: [PATCH] Don't allow the user to pass in a trust ID

Since Aodh uses trust IDs stored in alarm URLs unconditionally - without
checking for tenant safety - it is not safe to allow users to pass in their own
trust IDs. Forbid this and allow only trusts created by Aodh to be used. It is
highly unlikely that there is any (legitimate) use of this feature in the wild,
since allowing Aodh to create the trust is easier anyway.

Change-Id: I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851
Closes-Bug: #1649333
---
 aodh/api/controllers/v2/alarms.py | 3 ++-
 aodh/notifier/trust.py            | 2 +-
 aodh/notifier/zaqar.py            | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/aodh/api/controllers/v2/alarms.py b/aodh/api/controllers/v2/alarms.py
index 823edbf1d..ceb3931d8 100644
--- a/aodh/api/controllers/v2/alarms.py
+++ b/aodh/api/controllers/v2/alarms.py
@@ -423,7 +423,8 @@ class Alarm(base.Base):
                     url = netutils.urlsplit(action)
                     if self._is_trust_url(url):
                         if '@' in url.netloc:
-                            continue
+                            errmsg = _("trust URL cannot contain a trust ID.")
+                            raise base.ClientSideError(errmsg)
                         if trust_id is None:
                             # We have a trust action without a trust ID,
                             # create it
diff --git a/aodh/notifier/trust.py b/aodh/notifier/trust.py
index 0cf24c34c..1cbc38d44 100644
--- a/aodh/notifier/trust.py
+++ b/aodh/notifier/trust.py
@@ -55,5 +55,5 @@ class TrustRestAlarmNotifier(TrustAlarmNotifierMixin, rest.RestAlarmNotifier):
     keystone authentication. It uses the aodh service user to
     authenticate using the trust ID provided.
 
-    The URL must be in the form ``trust+http://trust-id@host/action``.
+    The URL must be in the form ``trust+http://host/action``.
     """
diff --git a/aodh/notifier/zaqar.py b/aodh/notifier/zaqar.py
index e3a30a9a6..67474938c 100644
--- a/aodh/notifier/zaqar.py
+++ b/aodh/notifier/zaqar.py
@@ -193,7 +193,7 @@ class TrustZaqarAlarmNotifier(trust.TrustAlarmNotifierMixin,
                               ZaqarAlarmNotifier):
     """Zaqar notifier using a Keystone trust to post to user-defined queues.
 
-    The URL must be in the form ``trust+zaqar://trust_id@?queue_name=example``.
+    The URL must be in the form ``trust+zaqar://?queue_name=example``.
     """
 
     def _get_client_conf(self, auth_token):