diff options
author | Julia Kreger <juliaashleykreger@gmail.com> | 2023-05-02 17:24:57 -0700 |
---|---|---|
committer | Julia Kreger <juliaashleykreger@gmail.com> | 2023-05-02 17:24:57 -0700 |
commit | c05fdf790c3cab6a18ca5b264e258c5c0016918d (patch) | |
tree | 013355d90d3b232c3aff6d38d7b709e18e9c2b43 | |
parent | f37ea85a2765a9fac580dc031bcf16b3a4e45d98 (diff) | |
download | ironic-python-agent-c05fdf790c3cab6a18ca5b264e258c5c0016918d.tar.gz |
Fix checksum validation logic
The checksum validation logic, which was updated early on in the
whole process of deprecating md5, didn't account for a URL *or* a
longer checksum (i.e. sha256/sha512) which was decided while the
overall approach was being decided.
Fixes the logic, and adds additional tests.
Change-Id: Ic4053776e131fc02ace295a1e69e9f9faab47f42
-rw-r--r-- | ironic_python_agent/extensions/standby.py | 10 | ||||
-rw-r--r-- | ironic_python_agent/tests/unit/extensions/test_standby.py | 14 |
2 files changed, 22 insertions, 2 deletions
diff --git a/ironic_python_agent/extensions/standby.py b/ironic_python_agent/extensions/standby.py index 965ce1ef..90affd75 100644 --- a/ironic_python_agent/extensions/standby.py +++ b/ironic_python_agent/extensions/standby.py @@ -535,6 +535,7 @@ def _validate_image_info(ext, image_info=None, **kwargs): """ image_info = image_info or {} + checksum_avail = False md5sum_avail = False os_hash_checksum_avail = False @@ -553,7 +554,12 @@ def _validate_image_info(ext, image_info=None, **kwargs): or not image_info['checksum']): raise errors.InvalidCommandParamsError( 'Image \'checksum\' must be a non-empty string.') - if CONF.md5_enabled: + if _is_checksum_url(checksum) or len(checksum) > 32: + # Checksum is a URL *or* a greater than 32 characters, + # putting it into the realm of sha256 or sha512 and not + # the MD5 algorithm. + checksum_avail = True + elif CONF.md5_enabled: md5sum_avail = True os_hash_algo = image_info.get('os_hash_algo') @@ -569,7 +575,7 @@ def _validate_image_info(ext, image_info=None, **kwargs): 'Image \'os_hash_value\' must be a non-empty string.') os_hash_checksum_avail = True - if not (md5sum_avail or os_hash_checksum_avail): + if not (checksum_avail or md5sum_avail or os_hash_checksum_avail): raise errors.InvalidCommandParamsError( 'Image checksum is not available, either the \'checksum\' field ' 'or the \'os_hash_algo\' and \'os_hash_value\' fields pair must ' diff --git a/ironic_python_agent/tests/unit/extensions/test_standby.py b/ironic_python_agent/tests/unit/extensions/test_standby.py index fee5ad30..9f5a354b 100644 --- a/ironic_python_agent/tests/unit/extensions/test_standby.py +++ b/ironic_python_agent/tests/unit/extensions/test_standby.py @@ -108,6 +108,20 @@ class TestStandbyExtension(base.IronicAgentTest): del image_info['os_hash_value'] standby._validate_image_info(None, image_info) + def test_validate_image_info_url(self): + image_info = _build_fake_image_info() + image_info['checksum'] = 'https://fake.url' + del image_info['os_hash_algo'] + del image_info['os_hash_value'] + standby._validate_image_info(None, image_info) + + def test_validate_image_info_sha256(self): + image_info = _build_fake_image_info() + image_info['checksum'] = 'a' * 64 + del image_info['os_hash_algo'] + del image_info['os_hash_value'] + standby._validate_image_info(None, image_info) + def test_validate_image_info_legacy_md5_checksum(self): image_info = _build_fake_image_info() del image_info['os_hash_algo'] |