API Container - Perform validation of secret URIs when creating and adding to a container

Bug #1423282 reported by John Wood
Affects | Status | Importance | Assigned to | Milestone
Barbican | Fix Released | Medium | Igor Gueths |

Bug Description

Currently, when a Container is POST-ed to Barbican, only the UUID at the end of the provided list of secrets' HATEOAS references in the JSON payload is used to form the Container. This item calls for validating that these HATEOAS references are indeed correct references that resolve to the Barbican server's host.

John Wood (john-wood-w)
Changed in barbican:
assignee: nobody → Igor Gueths (igor-gueths)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to barbican (master)

Fix proposed to branch: master
Review: https://review.openstack.org/161417

Changed in barbican:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (master)

Reviewed: https://review.openstack.org/161417
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=2e708318e998e1adfe12b547fab8414ad0a34952
Submitter: Jenkins
Branch: master

commit 2e708318e998e1adfe12b547fab8414ad0a34952
Author: Igor Gueths <email address hidden>
Date: Wed Mar 4 14:38:44 2015 -0600

    Ensure that external secret refs cannot be added to containers

    Prior to this change, it was possible for one to point secret_refs to
    arbitrary locations, especially in the context of adding secrets to a
    container given that the hostname part of the secret_ref was being
    ignored. Since we are now checking secret_refs against the
    configured hostname of the Barbican instance, this is no longer
    possible. In other words, this is just some extra validation to ensure
    that parameters remain consistent with the Barbican instance
    configuration.
    Closes-Bug: 1423282

    Change-Id: Ife1d66f234050e3150a879e76142b68f8f72a524

Changed in barbican:
status: In Progress → Fix Committed
Changed in barbican:
milestone: none → kilo-3
importance: Wishlist → Medium
Thierry Carrez (ttx)
Changed in barbican:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in barbican:
milestone: kilo-3 → 2015.1.0
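
The check this report and the merged commit message describe, sketched as an added example; it is not Barbican's code from the fix. CONFIGURED_HOST, uuid_only and validate_secret_ref are hypothetical names, the host value is constructed, and the /v1/secrets/<uuid> path layout is assumed.

```python
import uuid
from urllib.parse import urlsplit

# Constructed value standing in for this server's configured base URL.
CONFIGURED_HOST = "https://barbican.example.com:9311"
_DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Return (scheme, host, port); urlsplit lowercases scheme and hostname."""
    parts = urlsplit(url)
    if parts.scheme not in _DEFAULT_PORTS or parts.hostname is None:
        raise ValueError("not an absolute http(s) URL: %r" % url)
    if parts.username is not None or parts.password is not None:
        # "https://trusted-host@other-host/..." resolves to other-host.
        raise ValueError("userinfo not allowed in a secret_ref: %r" % url)
    port = parts.port if parts.port is not None else _DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname, port


def uuid_only(secret_ref):
    """Behaviour described in the bug: keep the trailing UUID, ignore the host."""
    return secret_ref.rstrip("/").rsplit("/", 1)[-1]


def validate_secret_ref(secret_ref, configured_host=CONFIGURED_HOST):
    """Return the secret UUID only if the ref points at the configured host."""
    # Compare parsed components, never string prefixes, so a look-alike
    # host such as "barbican.example.com.other.example.net" cannot match.
    if _origin(secret_ref) != _origin(configured_host):
        raise ValueError("secret_ref is not on this server: %r" % secret_ref)
    parts = urlsplit(secret_ref)
    if parts.query or parts.fragment:
        raise ValueError("unexpected query or fragment: %r" % secret_ref)
    # Assumed resource layout: /v1/secrets/<uuid>
    segments = parts.path.strip("/").split("/")
    if len(segments) != 3 or segments[:2] != ["v1", "secrets"]:
        raise ValueError("unexpected secret_ref path: %r" % parts.path)
    return str(uuid.UUID(segments[2]))  # ValueError on a malformed UUID
```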