commit 626018b991080c0706df8481e37addefd10c58fa
Author: Ian Wienand <email address hidden>
Date: Thu Aug 31 11:06:28 2017 +1000
Support RFC1738 quoted chars in passwords
In the bug, a user tried setting a devstack password with a "@" in it.
As it turns out, sqlalchmey turns the connection-string into a
sqlalchemy.engine.url.URL object [1] which returns a RFC1738 quoted
string.
However, alembic's set_main_option [2] uses python
string-interpolation which interprets '%' characters. This means you
end up with an interpolation traceback when using any quoted character
(':@/') in a user/password (more likely password).
Avoid this by ensuring the URL is safe for python interpolation in
set_main_option by replacing '%' -> '%%'.
I convinced myself this is safe because sqlalchemy correctly parses
the quoted and unquoted versions just the same
Reviewed: https:/ /review. openstack. org/592210 /git.openstack. org/cgit/ openstack/ glance/ commit/ ?id=626018b9910 80c0706df8481e3 7addefd10c58fa
Committed: https:/
Submitter: Zuul
Branch: stable/rocky
commit 626018b991080c0 706df8481e37add efd10c58fa
Author: Ian Wienand <email address hidden>
Date: Thu Aug 31 11:06:28 2017 +1000
Support RFC1738 quoted chars in passwords
In the bug, a user tried setting a devstack password with a "@" in it.
As it turns out, sqlalchmey turns the connection-string into a engine. url.URL object [1] which returns a RFC1738 quoted
sqlalchemy.
string.
However, alembic's set_main_option [2] uses python interpolation which interprets '%' characters. This means you
string-
end up with an interpolation traceback when using any quoted character
(':@/') in a user/password (more likely password).
Avoid this by ensuring the URL is safe for python interpolation in
set_main_option by replacing '%' -> '%%'.
I convinced myself this is safe because sqlalchemy correctly parses
the quoted and unquoted versions just the same
--- engine. url.make_ url('mysql+ pymysql: //foo:crazy: @/pw@/moo' )) pymysql: //foo:crazy% 3A%40%2Fpw@ /moo' engine. url.make_ url('mysql+ pymysql: //foo:crazy% 3A%40%2Fpw@ /moo')) pymysql: //foo:crazy% 3A%40%2Fpw@ /moo'
>>> str(sqlalchemy.
'mysql+
>>> str(sqlalchemy.
'mysql+
---
A test is added
[1] https:/ /github. com/zzzeek/ sqlalchemy/ blob/master/ lib/sqlalchemy/ engine/ url.py alembic. zzzcomputing. com/en/ latest/ api/config. html#alembic. config. Config. set_main_ option
[2] http://
Change-Id: I3ef7e3e539e35c e040573f2044ab6 eb3c990200a 314a270943d91e8 aa1932f2a4)
Closes-Bug: #1695299
(cherry picked from commit f601cfccf1d8e2e