Code move for metadata signature function

Move _sign_instance_id to common utils for distributed metadata. Partially-Implements: blueprint distributed-metadata-datapath Change-Id: I0ef9330232e2ed5dbda6e45917c291c7385d1e0d
2022-10-19 10:07:45 +08:00 · 2022-10-19 10:07:45 +08:00 · b7d04d5d92
parent 100abfc043
commit b7d04d5d92
6 changed files with 30 additions and 34 deletions
--- a/neutron/agent/metadata/agent.py
+++ b/neutron/agent/metadata/agent.py
@ -12,8 +12,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.

-import hashlib
-import hmac
 import urllib

 import netaddr
@ -27,7 +25,6 @@ from oslo_config import cfg
 from oslo_log import log as logging
 import oslo_messaging
 from oslo_service import loopingcall
-from oslo_utils import encodeutils
 from oslo_utils import netutils
 import requests
 import webob
@ -37,6 +34,7 @@ from neutron.agent.linux import utils as agent_utils
 from neutron.agent import rpc as agent_rpc
 from neutron.common import cache_utils as cache
 from neutron.common import ipv6_utils
+from neutron.common import utils as common_utils
 from neutron.conf.agent.metadata import config

 LOG = logging.getLogger(__name__)
@ -228,7 +226,8 @@ class MetadataProxyHandler(object):
            'X-Forwarded-For': req.headers.get('X-Forwarded-For'),
            'X-Instance-ID': instance_id,
            'X-Tenant-ID': tenant_id,
-            'X-Instance-ID-Signature': self._sign_instance_id(instance_id)
+            'X-Instance-ID-Signature': common_utils.sign_instance_id(
+                self.conf, instance_id)
        }

        nova_host_port = ipv6_utils.valid_ipv6_url(
@ -287,12 +286,6 @@ class MetadataProxyHandler(object):
            raise Exception(_('Unexpected response code: %s') %
                            resp.status_code)

-    def _sign_instance_id(self, instance_id):
-        secret = self.conf.metadata_proxy_shared_secret
-        secret = encodeutils.to_utf8(secret)
-        instance_id = encodeutils.to_utf8(instance_id)
-        return hmac.new(secret, instance_id, hashlib.sha256).hexdigest()
-

 class UnixDomainMetadataProxy(object):

--- a/neutron/agent/ovn/metadata/server.py
+++ b/neutron/agent/ovn/metadata/server.py
@ -12,8 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-import hashlib
-import hmac
 import threading
 import urllib

@ -22,13 +20,13 @@ from neutron.agent.linux import utils as agent_utils
 from neutron.agent.ovn.metadata import ovsdb
 from neutron.common import ipv6_utils
 from neutron.common.ovn import constants as ovn_const
+from neutron.common import utils as common_utils
 from neutron.conf.agent.metadata import config
 from neutron_lib.callbacks import events
 from neutron_lib.callbacks import registry
 from neutron_lib.callbacks import resources
 from oslo_config import cfg
 from oslo_log import log as logging
-from oslo_utils import encodeutils
 import requests
 import webob

@ -125,7 +123,8 @@ class MetadataProxyHandler(object):
            'X-Forwarded-For': req.headers.get('X-Forwarded-For'),
            'X-Instance-ID': instance_id,
            'X-Tenant-ID': tenant_id,
-            'X-Instance-ID-Signature': self._sign_instance_id(instance_id)
+            'X-Instance-ID-Signature': common_utils.sign_instance_id(
+                self.conf, instance_id)
        }

        nova_host_port = ipv6_utils.valid_ipv6_url(
@ -184,12 +183,6 @@ class MetadataProxyHandler(object):
            raise Exception(_('Unexpected response code: %s') %
                            resp.status_code)

-    def _sign_instance_id(self, instance_id):
-        secret = self.conf.metadata_proxy_shared_secret
-        secret = encodeutils.to_utf8(secret)
-        instance_id = encodeutils.to_utf8(instance_id)
-        return hmac.new(secret, instance_id, hashlib.sha256).hexdigest()
-

 class UnixDomainMetadataProxy(object):

--- a/neutron/common/utils.py
+++ b/neutron/common/utils.py
@ -19,6 +19,8 @@
 """Utilities and helper functions."""

 import functools
+import hashlib
+import hmac
 import importlib
 import os
 import os.path
@ -44,6 +46,7 @@ from neutron_lib.utils import helpers
 from oslo_config import cfg
 from oslo_db import exception as db_exc
 from oslo_log import log as logging
+from oslo_utils import encodeutils
 from oslo_utils import excutils
 from oslo_utils import timeutils
 from oslo_utils import uuidutils
@ -1041,3 +1044,10 @@ def effective_qos_policy_id(resource):
    """
    return (resource.get(qos_consts.QOS_POLICY_ID) or
            resource.get(qos_consts.QOS_NETWORK_POLICY_ID))
+
+
+def sign_instance_id(conf, instance_id):
+    secret = conf.metadata_proxy_shared_secret
+    secret = encodeutils.to_utf8(secret)
+    instance_id = encodeutils.to_utf8(instance_id)
+    return hmac.new(secret, instance_id, hashlib.sha256).hexdigest()
--- a/neutron/tests/unit/agent/metadata/test_agent.py
+++ b/neutron/tests/unit/agent/metadata/test_agent.py
@ -416,7 +416,7 @@ class _TestMetadataProxyHandlerCacheMixin(object):
        resp.status.__str__.side_effect = AttributeError
        resp.content = 'content'
        req.response = resp
-        with mock.patch.object(self.handler, '_sign_instance_id') as sign:
+        with mock.patch.object(utils, 'sign_instance_id') as sign:
            sign.return_value = 'signed'
            with mock.patch('requests.request') as mock_request:
                resp.headers = {'content-type': 'text/plain'}
@ -472,12 +472,6 @@ class _TestMetadataProxyHandlerCacheMixin(object):
        with testtools.ExpectedException(Exception):
            self._proxy_request_test_helper(302)

-    def test_sign_instance_id(self):
-        self.assertEqual(
-            '773ba44693c7553d6ee20f61ea5d2757a9a4f4a44d2841ae4e95b52e4cd62db4',
-            self.handler._sign_instance_id('foo')
-        )
-

 class TestMetadataProxyHandlerNewCache(TestMetadataProxyHandlerBase,
                                       _TestMetadataProxyHandlerCacheMixin):
--- a/neutron/tests/unit/agent/ovn/metadata/test_server.py
+++ b/neutron/tests/unit/agent/ovn/metadata/test_server.py
@ -23,6 +23,7 @@ import webob

 from neutron.agent.linux import utils as agent_utils
 from neutron.agent.ovn.metadata import server as agent
+from neutron.common import utils as common_utils
 from neutron.conf.agent.metadata import config as meta_conf
 from neutron.conf.agent.ovn.metadata import config as ovn_meta_conf
 from neutron.tests import base
@ -148,7 +149,7 @@ class TestMetadataProxyHandler(base.BaseTestCase):
        resp.status.__str__.side_effect = AttributeError
        resp.content = 'content'
        req.response = resp
-        with mock.patch.object(self.handler, '_sign_instance_id') as sign:
+        with mock.patch.object(common_utils, 'sign_instance_id') as sign:
            sign.return_value = 'signed'
            with mock.patch('requests.request') as mock_request:
                resp.headers = {'content-type': 'text/plain'}
@ -204,12 +205,6 @@ class TestMetadataProxyHandler(base.BaseTestCase):
        with testtools.ExpectedException(Exception):
            self._proxy_request_test_helper(302)

-    def test_sign_instance_id(self):
-        self.assertEqual(
-            self.handler._sign_instance_id('foo'),
-            '773ba44693c7553d6ee20f61ea5d2757a9a4f4a44d2841ae4e95b52e4cd62db4'
-        )
-

 class TestUnixDomainMetadataProxy(base.BaseTestCase):
    def setUp(self):
--- a/neutron/tests/unit/common/test_utils.py
+++ b/neutron/tests/unit/common/test_utils.py
@ -625,3 +625,14 @@ class SkipDecoratorTestCase(base.BaseTestCase):
            raise AttributeError()

        self.assertRaises(AttributeError, raise_attribute_error)
+
+
+class SignatureTestCase(base.BaseTestCase):
+
+    def test_sign_instance_id(self):
+        conf = mock.Mock()
+        conf.metadata_proxy_shared_secret = 'secret'
+        self.assertEqual(
+            '773ba44693c7553d6ee20f61ea5d2757a9a4f4a44d2841ae4e95b52e4cd62db4',
+            utils.sign_instance_id(conf, 'foo')
+        )