From 3301449e736af81fdbd96fd3f396dd01b02beaf2 Mon Sep 17 00:00:00 2001 From: Matt Riedemann Date: Wed, 3 Apr 2019 22:09:52 -0400 Subject: [PATCH] Remove CellMappingPayload database_connection and transport_url fields Change I019e88fabd1d386c0d6395a7b1969315873485fd in Stein, which is not yet officially released, exposes the unencrypted database_connection URL and MQ transport_url to a CellMapping in the select_destinations versioned notification CellMappingPayload. While notifications are not meant to be consumed by end users of the cloud but only internal services of the deployment, it still seems like a bad idea to give the keys to the nova cell DB and MQ to an external-to-nova service like ceilometer. This change removes the fields from the CellMappingPayload and bumps the major version to 2.0 to signal the change to consumers, although I don't expect anything is consuming this yet but we should follow standard versioning procedure anyway. Note that notification consumers do not request a specific payload version nor do they get a schema to perform their own backporting, they just get what they get, so after this there should be no worry about needing to support the 1.0 format for this payload. Change-Id: Ib5edea32d15db01000e6730aebceaf119daf8c5c Closes-Bug: #1823104 --- nova/notifications/objects/request_spec.py | 7 ++----- .../functional/notification_sample_tests/test_instance.py | 4 +--- nova/tests/unit/notifications/objects/test_notification.py | 2 +- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/nova/notifications/objects/request_spec.py b/nova/notifications/objects/request_spec.py index 587c693c16..28ca6baf04 100644 --- a/nova/notifications/objects/request_spec.py +++ b/nova/notifications/objects/request_spec.py @@ -325,21 +325,18 @@ class SchedulerRetriesPayload(base.NotificationPayloadBase): @nova_base.NovaObjectRegistry.register_notification class CellMappingPayload(base.NotificationPayloadBase): # Version 1.0: Initial version - VERSION = '1.0' + # Version 2.0: Remove transport_url and database_connection fields. + VERSION = '2.0' SCHEMA = { 'uuid': ('cell', 'uuid'), 'name': ('cell', 'name'), - 'transport_url': ('cell', 'transport_url'), - 'database_connection': ('cell', 'database_connection'), 'disabled': ('cell', 'disabled'), } fields = { 'uuid': fields.UUIDField(), 'name': fields.StringField(nullable=True), - 'transport_url': fields.StringField(), - 'database_connection': fields.StringField(), 'disabled': fields.BooleanField(default=False), } diff --git a/nova/tests/functional/notification_sample_tests/test_instance.py b/nova/tests/functional/notification_sample_tests/test_instance.py index 7161eda67e..a62bc1f924 100644 --- a/nova/tests/functional/notification_sample_tests/test_instance.py +++ b/nova/tests/functional/notification_sample_tests/test_instance.py @@ -957,14 +957,12 @@ class TestInstanceNotificationSample( 'nova_object.data': { 'aggregates': None, 'cell': { - 'nova_object.version': '1.0', + 'nova_object.version': '2.0', 'nova_object.namespace': 'nova', 'nova_object.name': 'CellMappingPayload', 'nova_object.data': { - 'database_connection': cell1.database_connection, 'disabled': False, 'name': u'cell1', - 'transport_url': u'fake://nowhere/', 'uuid': cell1.uuid } } diff --git a/nova/tests/unit/notifications/objects/test_notification.py b/nova/tests/unit/notifications/objects/test_notification.py index f76fbb3b73..ffe2469bf7 100644 --- a/nova/tests/unit/notifications/objects/test_notification.py +++ b/nova/tests/unit/notifications/objects/test_notification.py @@ -370,7 +370,7 @@ notification_object_data = { 'AuditPeriodPayload': '1.0-2b429dd307b8374636703b843fa3f9cb', 'BandwidthPayload': '1.0-ee2616a7690ab78406842a2b68e34130', 'BlockDevicePayload': '1.0-29751e1b6d41b1454e36768a1e764df8', - 'CellMappingPayload': '1.0-cf7faeb3cdd6b0c742ff74c80b88fb11', + 'CellMappingPayload': '2.0-8acd412eb4edff1cd2ecb9867feeb243', 'ComputeTaskNotification': '1.0-a73147b93b520ff0061865849d3dfa56', 'ComputeTaskPayload': '1.0-e3d34762c14d131c98337b72e8c600e1', 'DestinationPayload': '1.0-4ccf26318dd18c4377dada2b1e74ec2e',