Engine: validate auth_encryption_key
When using a string with a length != 16, 24, or 32 as value for the auth_encryption_key parameter in the /etc/heat/heat.conf file it is not possible to create new stacks. Creating a new stack (and probably anything else) will fail with the following exception: ValueError: AES key must be either 16, 24, or 32 bytes long. Change-Id: I4e35cf0f782f22861319d05a3f028e5784ad26d5 Closes-bug: #1415887
parent
2d33876661
commit
23d58ec2b6
|
@ -5,6 +5,7 @@
|
|||
# === Parameters
|
||||
# [*auth_encryption_key*]
|
||||
# (required) Encryption key used for authentication info in database
|
||||
# Must be either 16, 24, or 32 bytes long.
|
||||
#
|
||||
# [*package_ensure*]
|
||||
# (Optional) Ensure state for package.
|
||||
|
@ -72,6 +73,15 @@ class heat::engine (
|
|||
$configure_delegated_roles = true, #DEPRECATED
|
||||
) {
|
||||
|
||||
# Validate Heat Engine AES key
|
||||
# must be either 16, 24, or 32 bytes long
|
||||
# https://bugs.launchpad.net/heat/+bug/1415887
|
||||
$allowed_sizes = ['16','24','32']
|
||||
$param_size = size($auth_encryption_key)
|
||||
if ! (member($allowed_sizes, "${param_size}")) { # lint:ignore:only_variable_string
|
||||
fail("${param_size} is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long.")
|
||||
}
|
||||
|
||||
include ::heat
|
||||
include ::heat::params
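Review bot: The new check in the `heat::engine` body measures the key with `size($auth_encryption_key)`, which as far as I can tell counts characters rather than bytes, so a key containing multibyte characters could pass here and still be rejected by the AES key-length check in the engine. It also does not confirm the value is a string first; a `validate_string($auth_encryption_key)` call ahead of the size check would make a mistyped value fail with a clear message. I would tighten the parameter doc to `# Must be 16, 24, or 32 ASCII characters long (the length is checked in characters, not bytes); generate it randomly.`, since a length check says nothing about how guessable the key is. The `fail()` message reports only the length and never the key itself, which is worth keeping that way because catalog errors end up in logs and reports. The class body continues outside this hunk.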
|
||||
|
||||
|
|
|
@ -19,8 +19,8 @@ describe 'heat::engine' do
|
|||
shared_examples_for 'heat-engine' do
|
||||
[
|
||||
{},
|
||||
{ :auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ' },
|
||||
{ :auth_encryption_key => 'foodummybar',
|
||||
{ :auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12' },
|
||||
{ :auth_encryption_key => '0234567890AZERTYUIOPMLKJHGFDSQ24',
|
||||
:enabled => false,
|
||||
:heat_stack_user_role => 'heat_stack_user',
|
||||
:heat_metadata_server_url => 'http://127.0.0.1:8000',
|
||||
|
@ -114,6 +114,13 @@ describe 'heat::engine' do
|
|||
)
|
||||
end
|
||||
end
|
||||
context 'with wrong auth_encryption_key parameter size' do
|
||||
before do
|
||||
params.merge!({
|
||||
:auth_encryption_key => 'hello' })
|
||||
end
|
||||
it_raises 'a Puppet::Error', /5 is not a correct size for auth_encryption_key parameter, it must be either 16, 24, 32 bytes long./
|
||||
end
|
||||
end
|
||||
|
||||
context 'on Debian platforms' do
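Review bot: Both updated entries in the parameter table use 32-character keys, so the 16 and 24 cases of the new validation are never exercised, and the only rejected input is the 5-character `'hello'`. Adding one 16- and one 24-character key to the table (constructed example: `{ :auth_encryption_key => '1234567890AZERTY' }`) and a near-miss such as a 17-character key to the 'with wrong auth_encryption_key parameter size' context would pin the boundaries of the check. The regex passed to `it_raises` ends in an unescaped `.`, which matches any character; `long\./` would match the message literally. The `shared_examples_for` block starts and ends outside these hunks.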
|
||||
|
|
|
@ -154,7 +154,7 @@ describe 'heat::keystone::auth' do
|
|||
context 'when configuring delegated roles' do
|
||||
let :pre_condition do
|
||||
"class { 'heat::engine':
|
||||
auth_encryption_key => 'abcdef',
|
||||
auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12',
|
||||
configure_delegated_roles => false,
|
||||
}
|
||||
"
|
||||
|
@ -179,7 +179,7 @@ describe 'heat::keystone::auth' do
|
|||
describe 'with deprecated and new params both set' do
|
||||
let :pre_condition do
|
||||
"class { 'heat::engine':
|
||||
auth_encryption_key => 'abcdef',
|
||||
auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12',
|
||||
}
|
||||
"
|
||||
end
|
||||
|
|