Comment 12 for bug 1235450

Aaron Rosen (arosen) wrote : Re: Metadata is unsecure

@Armando - thanks for reviewing. There is such a test already:

+ # mismatched X-Tenant-ID
+ response = fake_request(
+ self.stubs, self.mdinst,
+ relpath="/2009-04-04/user-data",
+ address="192.192.192.2",
+ fake_get_metadata_by_instance_id=fake_get_metadata,
+ headers={'X-Forwarded-For': '192.192.192.2',
+ 'X-Instance-ID': 'a-b-c-d',
+ 'X-Tenant-ID': 'FAKE',
+ 'X-Instance-ID-Signature': signed})
+
+ self.assertEqual(response.status_int, 404)
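
Review bot: the closing `self.assertEqual(response.status_int, 404)` shows only that the request was refused, not that the `'X-Tenant-ID': 'FAKE'` mismatch was the reason. The case relies on `signed`, which is defined outside these lines, being a valid signature for `'a-b-c-d'`; if it is not, the request could be refused by a different check and the tenant comparison would go unexercised. Consider a comment stating that `signed` is valid for this instance ID, and an additional assertion that the response body carries none of the user-data supplied through `fake_get_metadata`.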