TBH I don't think restricting to opening paths in /etc/heat/templates is enough - we should *never* read *any* server-side files as a result of user provided type: filename or (user) resource_registry entries - that (AIUI) is the whole point of the allowed schemes in TemplateResource?
The /etc/heat/templates is only for consumption via the *global* environment, e.g template authors should *only* have access to those templates via their global resource_registry alias as defined in /etc/heat/environment.d - or at least that's the way I thought this was supposed to work?
@Angus - thanks for picking this up!
TBH I don't think restricting to opening paths in /etc/heat/templates is enough - we should *never* read *any* server-side files as a result of user provided type: filename or (user) resource_registry entries - that (AIUI) is the whole point of the allowed schemes in TemplateResource?
The /etc/heat/templates is only for consumption via the *global* environment, e.g template authors should *only* have access to those templates via their global resource_registry alias as defined in /etc/heat/ environment. d - or at least that's the way I thought this was supposed to work?