Modify get_class to ensure that user-defined resources cannot result in
reads from the local filesystem. Only resources defined by the operator
in the global environment should read local files.
To make this work, this patch also adds a separate
get_class_to_instantiate() method to the Environment.
We were previously using get_class for two different purposes - to get a
resource plugin on which we could perform introspection to obtain the
properties and attributes schema, and to get a resource plugin we could
instantiate to create a Resource object. These are both the same except in
the case of a TemplateResource, where having two different use cases for
the same piece of code was adding considerable extra complexity. Combining
the use cases in this way also made the error handling confusing (leading
to bug 1518458).
This change separates out the two cases.
Change-Id: I845e7d23c73242a4a4c9c40599690ab705c75caa
Closes-Bug: #1496277
Related-Bug: #1447194
Related-Bug: #1518458
Related-Bug: #1508115
(cherry picked from commit 06a713c4456203cd561f16721dc8ac3bcbb37a3 and 26e6d5f6d776c1027c4f27058767952a58d15e25)
Reviewed: https:/ /review. openstack. org/269692 /git.openstack. org/cgit/ openstack/ heat/commit/ ?id=fa19a617a79 fd1cb0d892bb8ea 87c4b9f6398c34
Committed: https:/
Submitter: Jenkins
Branch: stable/kilo
commit fa19a617a79fd1c b0d892bb8ea87c4 b9f6398c34
Author: Zane Bitter <email address hidden>
Date: Tue Nov 24 12:29:38 2015 -0500
Load template files only from their known source
Modify get_class to ensure that user-defined resources cannot result in
reads from the local filesystem. Only resources defined by the operator
in the global environment should read local files.
To make this work, this patch also adds a separate class_to_ instantiate( ) method to the Environment.
get_
We were previously using get_class for two different purposes - to get a
resource plugin on which we could perform introspection to obtain the
properties and attributes schema, and to get a resource plugin we could
instantiate to create a Resource object. These are both the same except in
the case of a TemplateResource, where having two different use cases for
the same piece of code was adding considerable extra complexity. Combining
the use cases in this way also made the error handling confusing (leading
to bug 1518458).
This change separates out the two cases.
Change-Id: I845e7d23c73242 a4a4c9c40599690 ab705c75caa d561f16721dc8ac 3bcbb37a3
and 26e6d5f6d776c10 27c4f2705876795 2a58d15e25)
Closes-Bug: #1496277
Related-Bug: #1447194
Related-Bug: #1518458
Related-Bug: #1508115
(cherry picked from commit 06a713c4456203c