From 3963f03f462aac92fa28d7cd224dc4db86ce9a95 Mon Sep 17 00:00:00 2001 From: Matthias Runge Date: Tue, 19 Apr 2016 16:53:02 +0200 Subject: [PATCH] No lock required for reading secret key Change-Id: I5b73db259153eb28e7c3bd5259d5c99476694804 Closes-Bug: #1572187 --- horizon/utils/secret_key.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/horizon/utils/secret_key.py b/horizon/utils/secret_key.py index 532361e892..cc02420d71 100644 --- a/horizon/utils/secret_key.py +++ b/horizon/utils/secret_key.py @@ -39,6 +39,14 @@ def generate_key(key_length=64): range(key_length))) +def read_from_file(key_file='.secret_key'): + if (os.stat(key_file).st_mode & 0o777) != 0o600: + raise FilePermissionError("Insecure key file permissions!") + with open(key_file, 'r') as f: + key = f.readline() + return key + + def generate_or_read_from_file(key_file='.secret_key', key_length=64): """Multiprocess-safe secret key file generator. @@ -49,6 +57,13 @@ def generate_or_read_from_file(key_file='.secret_key', key_length=64): throws an exception if not. """ abspath = os.path.abspath(key_file) + # check, if key_file already exists + # if yes, then just read and return key + if os.path.exists(key_file): + key = read_from_file(key_file) + return key + + # otherwise, first lock to make sure only one process lock = lockutils.external_lock(key_file + ".lock", lock_path=os.path.dirname(abspath)) with lock: @@ -59,8 +74,5 @@ def generate_or_read_from_file(key_file='.secret_key', key_length=64): f.write(key) os.umask(old_umask) else: - if (os.stat(key_file).st_mode & 0o777) != 0o600: - raise FilePermissionError("Insecure key file permissions!") - with open(key_file, 'r') as f: - key = f.readline() + key = read_from_file(key_file) return key