Code move for metadata signature function
Move _sign_instance_id to common utils for distributed metadata. Partially-Implements: blueprint distributed-metadata-datapath Change-Id: I0ef9330232e2ed5dbda6e45917c291c7385d1e0d
parent
100abfc043
commit
b7d04d5d92
|
@ -12,8 +12,6 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import hashlib
|
||||
import hmac
|
||||
import urllib
|
||||
|
||||
import netaddr
|
||||
|
@ -27,7 +25,6 @@ from oslo_config import cfg
|
|||
from oslo_log import log as logging
|
||||
import oslo_messaging
|
||||
from oslo_service import loopingcall
|
||||
from oslo_utils import encodeutils
|
||||
from oslo_utils import netutils
|
||||
import requests
|
||||
import webob
|
||||
|
@ -37,6 +34,7 @@ from neutron.agent.linux import utils as agent_utils
|
|||
from neutron.agent import rpc as agent_rpc
|
||||
from neutron.common import cache_utils as cache
|
||||
from neutron.common import ipv6_utils
|
||||
from neutron.common import utils as common_utils
|
||||
from neutron.conf.agent.metadata import config
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
@ -228,7 +226,8 @@ class MetadataProxyHandler(object):
|
|||
'X-Forwarded-For': req.headers.get('X-Forwarded-For'),
|
||||
'X-Instance-ID': instance_id,
|
||||
'X-Tenant-ID': tenant_id,
|
||||
'X-Instance-ID-Signature': self._sign_instance_id(instance_id)
|
||||
'X-Instance-ID-Signature': common_utils.sign_instance_id(
|
||||
self.conf, instance_id)
|
||||
}
|
||||
|
||||
nova_host_port = ipv6_utils.valid_ipv6_url(
|
||||
|
@ -287,12 +286,6 @@ class MetadataProxyHandler(object):
|
|||
raise Exception(_('Unexpected response code: %s') %
|
||||
resp.status_code)
|
||||
|
||||
def _sign_instance_id(self, instance_id):
|
||||
secret = self.conf.metadata_proxy_shared_secret
|
||||
secret = encodeutils.to_utf8(secret)
|
||||
instance_id = encodeutils.to_utf8(instance_id)
|
||||
return hmac.new(secret, instance_id, hashlib.sha256).hexdigest()
|
||||
|
||||
|
||||
class UnixDomainMetadataProxy(object):
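Review bot: The `'X-Instance-ID-Signature'` entry in the header dict deserves a comment now that the signing code lives in another module. `common_utils.sign_instance_id(self.conf, instance_id)` receives only the instance ID, so `X-Tenant-ID` and the `X-Forwarded-For` value copied from the incoming request are sent next to the signature without being covered by it. A line such as `# HMAC covers X-Instance-ID only; X-Tenant-ID and X-Forwarded-For are not authenticated by it` above the entry would keep that visible to readers who no longer see the helper's body in this file. The same call is introduced in the OVN metadata server section of this commit and would take the same comment; the enclosing method starts and ends outside the hunk.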
|
||||
|
||||
|
|
|
@ -12,8 +12,6 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import hashlib
|
||||
import hmac
|
||||
import threading
|
||||
import urllib
|
||||
|
||||
|
@ -22,13 +20,13 @@ from neutron.agent.linux import utils as agent_utils
|
|||
from neutron.agent.ovn.metadata import ovsdb
|
||||
from neutron.common import ipv6_utils
|
||||
from neutron.common.ovn import constants as ovn_const
|
||||
from neutron.common import utils as common_utils
|
||||
from neutron.conf.agent.metadata import config
|
||||
from neutron_lib.callbacks import events
|
||||
from neutron_lib.callbacks import registry
|
||||
from neutron_lib.callbacks import resources
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import encodeutils
|
||||
import requests
|
||||
import webob
|
||||
|
||||
|
@ -125,7 +123,8 @@ class MetadataProxyHandler(object):
|
|||
'X-Forwarded-For': req.headers.get('X-Forwarded-For'),
|
||||
'X-Instance-ID': instance_id,
|
||||
'X-Tenant-ID': tenant_id,
|
||||
'X-Instance-ID-Signature': self._sign_instance_id(instance_id)
|
||||
'X-Instance-ID-Signature': common_utils.sign_instance_id(
|
||||
self.conf, instance_id)
|
||||
}
|
||||
|
||||
nova_host_port = ipv6_utils.valid_ipv6_url(
|
||||
|
@ -184,12 +183,6 @@ class MetadataProxyHandler(object):
|
|||
raise Exception(_('Unexpected response code: %s') %
|
||||
resp.status_code)
|
||||
|
||||
def _sign_instance_id(self, instance_id):
|
||||
secret = self.conf.metadata_proxy_shared_secret
|
||||
secret = encodeutils.to_utf8(secret)
|
||||
instance_id = encodeutils.to_utf8(instance_id)
|
||||
return hmac.new(secret, instance_id, hashlib.sha256).hexdigest()
|
||||
|
||||
|
||||
class UnixDomainMetadataProxy(object):
|
||||
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
"""Utilities and helper functions."""
|
||||
|
||||
import functools
|
||||
import hashlib
|
||||
import hmac
|
||||
import importlib
|
||||
import os
|
||||
import os.path
|
||||
|
@ -44,6 +46,7 @@ from neutron_lib.utils import helpers
|
|||
from oslo_config import cfg
|
||||
from oslo_db import exception as db_exc
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import encodeutils
|
||||
from oslo_utils import excutils
|
||||
from oslo_utils import timeutils
|
||||
from oslo_utils import uuidutils
|
||||
|
@ -1041,3 +1044,10 @@ def effective_qos_policy_id(resource):
|
|||
"""
|
||||
return (resource.get(qos_consts.QOS_POLICY_ID) or
|
||||
resource.get(qos_consts.QOS_NETWORK_POLICY_ID))
|
||||
|
||||
|
||||
def sign_instance_id(conf, instance_id):
|
||||
secret = conf.metadata_proxy_shared_secret
|
||||
secret = encodeutils.to_utf8(secret)
|
||||
instance_id = encodeutils.to_utf8(instance_id)
|
||||
return hmac.new(secret, instance_id, hashlib.sha256).hexdigest()
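Review bot: `sign_instance_id` becomes a public helper in common utils with no docstring and no check on the secret it reads. If `conf.metadata_proxy_shared_secret` is an empty string, the HMAC is still computed with an empty key, so the resulting signature authenticates nothing to the receiver; whether an empty value is rejected elsewhere is not visible in this diff. I would add a docstring saying the function returns the hex HMAC-SHA256 of the instance ID keyed with `metadata_proxy_shared_secret` and that both values are UTF-8 encoded first. The empty-secret case should either be documented there or reported with a warning when the secret is empty.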
|
||||
|
|
|
@ -416,7 +416,7 @@ class _TestMetadataProxyHandlerCacheMixin(object):
|
|||
resp.status.__str__.side_effect = AttributeError
|
||||
resp.content = 'content'
|
||||
req.response = resp
|
||||
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
|
||||
with mock.patch.object(utils, 'sign_instance_id') as sign:
|
||||
sign.return_value = 'signed'
|
||||
with mock.patch('requests.request') as mock_request:
|
||||
resp.headers = {'content-type': 'text/plain'}
|
||||
|
@ -472,12 +472,6 @@ class _TestMetadataProxyHandlerCacheMixin(object):
|
|||
with testtools.ExpectedException(Exception):
|
||||
self._proxy_request_test_helper(302)
|
||||
|
||||
def test_sign_instance_id(self):
|
||||
self.assertEqual(
|
||||
'773ba44693c7553d6ee20f61ea5d2757a9a4f4a44d2841ae4e95b52e4cd62db4',
|
||||
self.handler._sign_instance_id('foo')
|
||||
)
|
||||
|
||||
|
||||
class TestMetadataProxyHandlerNewCache(TestMetadataProxyHandlerBase,
|
||||
_TestMetadataProxyHandlerCacheMixin):
|
||||
|
|
|
@ -23,6 +23,7 @@ import webob
|
|||
|
||||
from neutron.agent.linux import utils as agent_utils
|
||||
from neutron.agent.ovn.metadata import server as agent
|
||||
from neutron.common import utils as common_utils
|
||||
from neutron.conf.agent.metadata import config as meta_conf
|
||||
from neutron.conf.agent.ovn.metadata import config as ovn_meta_conf
|
||||
from neutron.tests import base
|
||||
|
@ -148,7 +149,7 @@ class TestMetadataProxyHandler(base.BaseTestCase):
|
|||
resp.status.__str__.side_effect = AttributeError
|
||||
resp.content = 'content'
|
||||
req.response = resp
|
||||
with mock.patch.object(self.handler, '_sign_instance_id') as sign:
|
||||
with mock.patch.object(common_utils, 'sign_instance_id') as sign:
|
||||
sign.return_value = 'signed'
|
||||
with mock.patch('requests.request') as mock_request:
|
||||
resp.headers = {'content-type': 'text/plain'}
|
||||
|
@ -204,12 +205,6 @@ class TestMetadataProxyHandler(base.BaseTestCase):
|
|||
with testtools.ExpectedException(Exception):
|
||||
self._proxy_request_test_helper(302)
|
||||
|
||||
def test_sign_instance_id(self):
|
||||
self.assertEqual(
|
||||
self.handler._sign_instance_id('foo'),
|
||||
'773ba44693c7553d6ee20f61ea5d2757a9a4f4a44d2841ae4e95b52e4cd62db4'
|
||||
)
|
||||
|
||||
|
||||
class TestUnixDomainMetadataProxy(base.BaseTestCase):
|
||||
def setUp(self):
|
||||
|
|
|
@ -625,3 +625,14 @@ class SkipDecoratorTestCase(base.BaseTestCase):
|
|||
raise AttributeError()
|
||||
|
||||
self.assertRaises(AttributeError, raise_attribute_error)
|
||||
|
||||
|
||||
class SignatureTestCase(base.BaseTestCase):
|
||||
|
||||
def test_sign_instance_id(self):
|
||||
conf = mock.Mock()
|
||||
conf.metadata_proxy_shared_secret = 'secret'
|
||||
self.assertEqual(
|
||||
'773ba44693c7553d6ee20f61ea5d2757a9a4f4a44d2841ae4e95b52e4cd62db4',
|
||||
utils.sign_instance_id(conf, 'foo')
|
||||
)
|
||||
|
|