diff options
| author | Rabi Mishra <ramishra@redhat.com> | 2020-06-03 18:18:23 +0530 |
|---|---|---|
| committer | Rabi Mishra <ramishra@redhat.com> | 2020-06-25 14:51:54 +0530 |
| commit | 95296e55c6c4638ffa0e55f75d8fa6a83c974a95 (patch) | |
| tree | 4044aba579396ea33c54f3194dc90a342eb812d1 /heat/engine/resources/wait_condition.py | |
| parent | 28ae099708185b5e2c476b48d0674dc32e315d50 (diff) | |
| download | heat-95296e55c6c4638ffa0e55f75d8fa6a83c974a95.tar.gz | |
Don't store signal_url for ec2 signaling of deployments
As part of a CVE keystone has started checking[1] the timestamp
of signed ec2 token with default TTL of 15 mins. We can't
store the ec2 url anymore for future use for those.
This moves the caching logic to BaseWaitConditionHandle class.
Conflicts:
heat/engine/resources/signal_responder.py
heat/tests/test_signal.py
[1] https://review.opendev.org/#/c/724124/
Change-Id: I6b74faed820caccd39210bd48a212b2dedca46b9
Task: 39985
Related-Bug: #1872737
(cherry picked from commit 3047ca7d36baaa59ab2960602da956d2087a2a62)
Diffstat (limited to 'heat/engine/resources/wait_condition.py')
| -rw-r--r-- | heat/engine/resources/wait_condition.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/heat/engine/resources/wait_condition.py b/heat/engine/resources/wait_condition.py index 87d797237..4fd25b899 100644 --- a/heat/engine/resources/wait_condition.py +++ b/heat/engine/resources/wait_condition.py @@ -41,6 +41,15 @@ class BaseWaitConditionHandle(signal_responder.SignalResponder): 'SUCCESS', ) + def _get_ec2_signed_url(self, signal_type=signal_responder.WAITCONDITION): + stored = self.data().get('ec2_signed_url') + if stored is not None: + return stored + url = super(BaseWaitConditionHandle, + self)._get_ec2_signed_url(signal_type) + self.data_set('ec2_signed_url', url) + return url + def handle_create(self): super(BaseWaitConditionHandle, self).handle_create() self.resource_id_set(self._get_user_id()) |