author | Iury Gregory Melo Ferreira <imelofer@redhat.com> | 2020-03-18 16:56:19 +0100 |
---|---|---|
committer | Iury Gregory Melo Ferreira <imelofer@redhat.com> | 2020-03-20 20:29:58 +0100 |
commit | 1425adbb0572d6280ae70635baa53b0d9291ac07 (patch) | |
tree | 943deab5a229f5629d088c94f36543fc0b4df8d0 /ironic | |
parent | 5221f7792e4c584ba1aa7fa7a87612a31a6a1c6a (diff) | |
download | ironic-1425adbb0572d6280ae70635baa53b0d9291ac07.tar.gz |
Do not use random to generate token
To avoid problems with FIPS 140-2 let's generate
the token using the secrets module instead of random.
Change-Id: I90c3c94112d093e2309414b9902f58d31d925ad3
Story: 2007444
Task: 39104
Diffstat (limited to 'ironic')
-rw-r--r-- | ironic/conductor/utils.py | 7 | ||||
-rw-r--r-- | ironic/tests/unit/conductor/test_utils.py | 3 |
2 files changed, 3 insertions, 7 deletions
diff --git a/ironic/conductor/utils.py b/ironic/conductor/utils.py index 2d97d655c..ee14dce50 100644 --- a/ironic/conductor/utils.py +++ b/ironic/conductor/utils.py @@ -15,8 +15,7 @@ import contextlib import datetime from distutils.version import StrictVersion -import random -import string +import secrets import time from openstack.baremetal import configdrive as os_configdrive @@ -1019,9 +1018,7 @@ def add_secret_token(node, pregenerated=False): order to facilitate virtual media booting where the token is embedded into the configuration. """ - characters = string.ascii_letters + string.digits - token = ''.join( - random.SystemRandom().choice(characters) for i in range(128)) + token = secrets.token_urlsafe() i_info = node.driver_internal_info i_info['agent_secret_token'] = token if pregenerated: diff --git a/ironic/tests/unit/conductor/test_utils.py b/ironic/tests/unit/conductor/test_utils.py index 6a437debe..23127efe2 100644 --- a/ironic/tests/unit/conductor/test_utils.py +++ b/ironic/tests/unit/conductor/test_utils.py @@ -2030,8 +2030,7 @@ class AgentTokenUtilsTestCase(tests_base.TestCase): def test_add_secret_token(self): self.assertNotIn('agent_secret_token', self.node.driver_internal_info) conductor_utils.add_secret_token(self.node) - self.assertEqual( - 128, len(self.node.driver_internal_info['agent_secret_token'])) + self.assertIn('agent_secret_token', self.node.driver_internal_info) def test_del_secret_token(self): conductor_utils.add_secret_token(self.node) |
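Review bot: In add_secret_token, `secrets.token_urlsafe()` is called without an nbytes argument, so the token's entropy now rests on the standard library default (32 bytes in current CPython, documented as subject to change) rather than on a value fixed in this code. I would pin it and state the intent in a comment, e.g. `token = secrets.token_urlsafe(32)  # 256 bits of entropy, about 43 URL-safe characters`. The new token is also much shorter than the previous 128 characters and may contain `-` and `_`, so anything that stores or validates it with the old length or an alphanumeric-only assumption should be checked; no such consumer is visible in this hunk. The function body starts and continues outside the hunk.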
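Review bot: test_add_secret_token now asserts only that the key is present, so it would still pass if the generated token were empty or far shorter than intended. With the old length assertion removed, a lower bound would keep that property under test, for example `token = self.node.driver_internal_info['agent_secret_token']` followed by `self.assertGreaterEqual(len(token), 32)`. A second call asserting that the stored token changes would also catch a constant value, assuming repeated calls are meant to regenerate it. The test class starts outside the hunk.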