Replace md5 with oslo version

This follows what was already done in the other projects like [1]. In FIPS mode, md5 is allowed only in non-security contexts. This change disables the security context in the md5 call to determine the hash for workload partitioning, because this usage does not involve any security risks. [1] 8027d907109b6b3c96623f9793aff752cec8ed12 Change-Id: I7d622a6e7d324a765760819c024295b57990f95c
2024-01-31 16:56:35 +09:00 · 2024-01-31 16:56:35 +09:00 · fd87af8719
parent 3d49da3ce6
commit fd87af8719
2 changed files with 4 additions and 4 deletions
--- a/aodh/coordination.py
+++ b/aodh/coordination.py
@ -13,12 +13,12 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 import bisect
-import hashlib
 import struct

 from oslo_config import cfg
 from oslo_log import log
 from oslo_utils import encodeutils
+from oslo_utils.secretutils import md5
 from oslo_utils import uuidutils
 import tenacity
 import tooz.coordination
@ -78,8 +78,8 @@ class HashRing(object):

    @staticmethod
    def _hash(key):
-        return struct.unpack_from('>I',
-                                  hashlib.md5(str(key).encode()).digest())[0]
+        return struct.unpack_from(
+            '>I', md5(str(key).encode(), usedforsecurity=False).digest())[0]

    def _get_position_on_ring(self, key):
        hashed_key = self._hash(key)
--- a/requirements.txt
+++ b/requirements.txt
@ -17,7 +17,7 @@ pbr>=2.0.0 # Apache-2.0
 pecan>=0.8.0
 oslo.messaging>=5.2.0 # Apache-2.0
 oslo.middleware>=3.22.0 # Apache-2.0
-oslo.utils>=3.5.0 # Apache-2.0
+oslo.utils>=4.7.0 # Apache-2.0
 python-keystoneclient>=1.6.0
 pytz>=2013.6
 requests>=2.5.2