authorJay S. Bryant <jsbryant@us.ibm.com>2014-12-02 14:35:06 -0600
committerJay S. Bryant <jsbryant@us.ibm.com>2014-12-04 14:52:34 -0600
commit498fe7e1c1f056da3cf147e79acd22c19111dbeb (patch)
tree0d4f8aa9f96b4a29b74634527988cfafa39787d0
parentd656d37a28fce51ea1aa7ffd39ce421bda5b4fbe (diff)
Revert "Fix Brocade FC SAN lookup MITM vulnerability"
This reverts commit ab4f57212683baec45d5b682bdd3952ff58249ed. The change is being reverted as it broke the Brocade FC SAN lookup functionality. The change uses configuration options from ssh_utils that are not initialized when the Brocade driver is run, causing an exception to be thrown complaining that CONF.ssh_hosts_key_file is used before it is initialized. The right solution is to change the Brocade driver to use ssh_utils to make SSH connections. Conflicts: cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py Change-Id: I7814c3da9c0e6fcf3143969e74304a48cafcb3d1 Closes-bug: 1398488 (cherry-picked from commit 57103807c5e7fad7276f97ac82f8704f17f4b846)
-rw-r--r--cinder/tests/zonemanager/test_brcd_fc_san_lookup_service.py16
-rw-r--r--cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py21
2 files changed, 17 insertions, 20 deletions
diff --git a/cinder/tests/zonemanager/test_brcd_fc_san_lookup_service.py b/cinder/tests/zonemanager/test_brcd_fc_san_lookup_service.py
index 43aa1e12e..e138d452a 100644
--- a/cinder/tests/zonemanager/test_brcd_fc_san_lookup_service.py
+++ b/cinder/tests/zonemanager/test_brcd_fc_san_lookup_service.py
@@ -42,8 +42,6 @@ _device_map_to_verify = {
'initiator_port_wwn_list': ['10008c7cff523b01'],
'target_port_wwn_list': ['20240002ac000a50']}}
-CONF = cfg.CONF
-
class TestBrcdFCSanLookupService(brcd_lookup.BrcdFCSanLookupService,
test.TestCase):
@@ -79,14 +77,16 @@ class TestBrcdFCSanLookupService(brcd_lookup.BrcdFCSanLookupService,
@mock.patch.object(paramiko.hostkeys.HostKeys, 'load')
def test_create_ssh_client(self, load_mock):
- CONF.ssh_hosts_key_file = 'dummy_host_key_file'
- CONF.strict_ssh_host_key_policy = True
- ssh_client = self.create_ssh_client()
+ mock_args = {}
+ mock_args['known_hosts_file'] = 'dummy_host_key_file'
+ mock_args['missing_key_policy'] = paramiko.RejectPolicy()
+ ssh_client = self.create_ssh_client(**mock_args)
self.assertEqual(ssh_client._host_keys_filename, 'dummy_host_key_file')
self.assertTrue(isinstance(ssh_client._policy, paramiko.RejectPolicy))
- CONF.strict_ssh_host_key_policy = False
- ssh_client = self.create_ssh_client()
- self.assertTrue(isinstance(ssh_client._policy, paramiko.AutoAddPolicy))
+ mock_args = {}
+ ssh_client = self.create_ssh_client(**mock_args)
+ self.assertIsNone(ssh_client._host_keys_filename)
+ self.assertTrue(isinstance(ssh_client._policy, paramiko.WarningPolicy))
@mock.patch.object(brcd_lookup.BrcdFCSanLookupService,
'get_nameserver_info')
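Review bot: The two `assertTrue(isinstance(...))` checks in test_create_ssh_client would be clearer as `self.assertIsInstance(ssh_client._policy, paramiko.RejectPolicy)` and `self.assertIsInstance(ssh_client._policy, paramiko.WarningPolicy)`, which report the actual type on failure. The second case also has no comment saying that it pins the fallback used when the caller passes nothing; a line such as `# no kwargs: system host keys + WarningPolicy fallback` above the second `mock_args = {}` would make that explicit.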
diff --git a/cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py b/cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py
index 8c64cb178..b715e5337 100644
--- a/cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py
+++ b/cinder/zonemanager/drivers/brocade/brcd_fc_san_lookup_service.py
@@ -17,7 +17,6 @@
#
-from oslo.config import cfg
import paramiko
from cinder import exception
@@ -31,8 +30,6 @@ from cinder.zonemanager.fc_san_lookup_service import FCSanLookupService
LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-
class BrcdFCSanLookupService(FCSanLookupService):
"""The SAN lookup service that talks to Brocade switches.
@@ -49,7 +46,7 @@ class BrcdFCSanLookupService(FCSanLookupService):
super(BrcdFCSanLookupService, self).__init__(**kwargs)
self.configuration = kwargs.get('configuration', None)
self.create_configuration()
- self.client = self.create_ssh_client()
+ self.client = self.create_ssh_client(**kwargs)
def create_configuration(self):
"""Configuration specific to SAN context values."""
@@ -64,16 +61,16 @@ class BrcdFCSanLookupService(FCSanLookupService):
self.fabric_configs = fabric_opts.load_fabric_configurations(
fabric_names)
- def create_ssh_client(self):
+ def create_ssh_client(self, **kwargs):
ssh_client = paramiko.SSHClient()
- known_hosts_file = CONF.ssh_hosts_key_file
- if not known_hosts_file:
- raise exception.ParameterNotFound(param='ssh_hosts_key_file')
- ssh_client.load_host_keys(known_hosts_file)
- if CONF.strict_ssh_host_key_policy:
- missing_key_policy = paramiko.RejectPolicy()
+ known_hosts_file = kwargs.get('known_hosts_file', None)
+ if known_hosts_file is None:
+ ssh_client.load_system_host_keys()
else:
- missing_key_policy = paramiko.AutoAddPolicy()
+ ssh_client.load_host_keys(known_hosts_file)
+ missing_key_policy = kwargs.get('missing_key_policy', None)
+ if missing_key_policy is None:
+ missing_key_policy = paramiko.WarningPolicy()
ssh_client.set_missing_host_key_policy(missing_key_policy)
return ssh_client
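Review bot: When no `missing_key_policy` is supplied, `create_ssh_client` falls back to `paramiko.WarningPolicy()`, which logs an unknown host key and then lets the connection proceed, so a switch whose key is not in the loaded known-hosts data is still trusted. The `__init__` hunk forwards `**kwargs` unchanged, and nothing visible in this diff shows a caller passing `known_hosts_file` or `missing_key_policy`, so this fallback is presumably what deployments get until the driver moves to ssh_utils as the commit message proposes. Failing closed would still work for switches already present in the system known-hosts file: `missing_key_policy = paramiko.RejectPolicy()`, with the default-path assertion in test_create_ssh_client changed to match. If the permissive default has to stay for now, a comment above it such as `# NOTE: WarningPolicy accepts unknown host keys; replace once the driver uses ssh_utils` would record the gap, and the method would benefit from a docstring naming the two accepted kwargs.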