openstack/horizon
Code Issues Proposed changes

Merge "No lock required for reading secret key"

Browse Source
This commit is contained in:
Jenkins 2016-08-29 12:33:03 +00:00 committed by Gerrit Code Review
commit 1d3617c7d9
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
horizon/utils/secret_key.py
View File

@ -44,6 +44,14 @@ def generate_key(key_length=64):
range(key_length))) range(key_length)))
def read_from_file(key_file='.secret_key'):
if (os.stat(key_file).st_mode & 0o777) != 0o600:
raise FilePermissionError("Insecure key file permissions!")
with open(key_file, 'r') as f:
key = f.readline()
return key
def generate_or_read_from_file(key_file='.secret_key', key_length=64): def generate_or_read_from_file(key_file='.secret_key', key_length=64):
"""Multiprocess-safe secret key file generator. """Multiprocess-safe secret key file generator.
@ -54,6 +62,13 @@ def generate_or_read_from_file(key_file='.secret_key', key_length=64):
throws an exception if not. throws an exception if not.
""" """
abspath = os.path.abspath(key_file) abspath = os.path.abspath(key_file)
# check, if key_file already exists
# if yes, then just read and return key
if os.path.exists(key_file):
key = read_from_file(key_file)
return key
# otherwise, first lock to make sure only one process
lock = lockutils.external_lock(key_file + ".lock", lock = lockutils.external_lock(key_file + ".lock",
lock_path=os.path.dirname(abspath)) lock_path=os.path.dirname(abspath))
with lock: with lock:
@ -64,8 +79,5 @@ def generate_or_read_from_file(key_file='.secret_key', key_length=64):
f.write(key) f.write(key)
os.umask(old_umask) os.umask(old_umask)
else: else:
if (os.stat(key_file).st_mode & 0o777) != 0o600: key = read_from_file(key_file)
raise FilePermissionError("Insecure key file permissions!")
with open(key_file, 'r') as f:
key = f.readline()
return key return key