From 30a4340175f1991517d21226b1b26eaf7bd2234c Mon Sep 17 00:00:00 2001
From: Joanna Taryma <joanna.taryma@intel.com>
Date: Wed, 30 Nov 2016 15:27:43 -0600
Subject: [PATCH] Fail ironic startup if no protocol prefix in ironic api
 address

Add regex validation of api_url specified in configuration file.
Oslo config will raise exception if no supported protocol prefix
is included in Ironic api address in configuration file.
Supported protocols are http and https.
Regenerated the config file.

Change-Id: Iabe576134d804211d7f552bfd5a76c404524ffef
Closes-Bug: #1630785
---
 etc/ironic/ironic.conf.sample                             | 8 +++++++-
 ironic/conf/conductor.py                                  | 4 +++-
 ironic/tests/unit/drivers/modules/test_deploy_utils.py    | 8 ++++----
 .../check_protocol_for_ironic_api-32f35c93a140d3ae.yaml   | 8 ++++++++
 4 files changed, 22 insertions(+), 6 deletions(-)
 create mode 100644 releasenotes/notes/check_protocol_for_ironic_api-32f35c93a140d3ae.yaml

diff --git a/etc/ironic/ironic.conf.sample b/etc/ironic/ironic.conf.sample
index ab0d663541..cb4ec914dc 100644
--- a/etc/ironic/ironic.conf.sample
+++ b/etc/ironic/ironic.conf.sample
@@ -712,7 +712,8 @@
 #heartbeat_interval = 10
 
 # URL of Ironic API service. If not set ironic can get the
-# current value from the keystone service catalog. (string
+# current value from the keystone service catalog. If set, the
+# value must start with either http:// or https://. (string
 # value)
 #api_url = <None>
 
@@ -2300,6 +2301,11 @@
 # Minimum value: 5
 #default_notify_timeout = 30
 
+# The duration to schedule a purge of idle sender links.
+# Detach link after expiry. (integer value)
+# Minimum value: 1
+#default_sender_link_timeout = 600
+
 # Indicates the addressing mode used by the driver.
 # Permitted values:
 # 'legacy'   - use legacy non-routable addressing
diff --git a/ironic/conf/conductor.py b/ironic/conf/conductor.py
index 9ccad33e39..5eeee0f1e9 100644
--- a/ironic/conf/conductor.py
+++ b/ironic/conf/conductor.py
@@ -29,9 +29,11 @@ opts = [
                default=10,
                help=_('Seconds between conductor heart beats.')),
     cfg.StrOpt('api_url',
+               regex='^http(s?):\/\/.+',
                help=_('URL of Ironic API service. If not set ironic can '
                       'get the current value from the keystone service '
-                      'catalog.')),
+                      'catalog. If set, the value must start with either '
+                      'http:// or https://.')),
     cfg.IntOpt('heartbeat_timeout',
                default=60,
                help=_('Maximum time (in seconds) since the last check-in '
diff --git a/ironic/tests/unit/drivers/modules/test_deploy_utils.py b/ironic/tests/unit/drivers/modules/test_deploy_utils.py
index bc50db6a79..f3c5a4abdb 100644
--- a/ironic/tests/unit/drivers/modules/test_deploy_utils.py
+++ b/ironic/tests/unit/drivers/modules/test_deploy_utils.py
@@ -1588,19 +1588,19 @@ class AgentMethodsTestCase(db_base.DbTestCase):
         self._test_tear_down_inband_cleaning(manage_boot=False)
 
     def test_build_agent_options_conf(self):
-        self.config(api_url='api-url', group='conductor')
+        self.config(api_url='https://api-url', group='conductor')
         options = utils.build_agent_options(self.node)
-        self.assertEqual('api-url', options['ipa-api-url'])
+        self.assertEqual('https://api-url', options['ipa-api-url'])
         self.assertEqual(0, options['coreos.configdrive'])
 
     @mock.patch.object(utils, '_get_ironic_session')
     def test_build_agent_options_keystone(self, session_mock):
         self.config(api_url=None, group='conductor')
         sess = mock.Mock()
-        sess.get_endpoint.return_value = 'api-url'
+        sess.get_endpoint.return_value = 'https://api-url'
         session_mock.return_value = sess
         options = utils.build_agent_options(self.node)
-        self.assertEqual('api-url', options['ipa-api-url'])
+        self.assertEqual('https://api-url', options['ipa-api-url'])
         self.assertEqual(0, options['coreos.configdrive'])
 
 
diff --git a/releasenotes/notes/check_protocol_for_ironic_api-32f35c93a140d3ae.yaml b/releasenotes/notes/check_protocol_for_ironic_api-32f35c93a140d3ae.yaml
new file mode 100644
index 0000000000..4c9f6e4c7d
--- /dev/null
+++ b/releasenotes/notes/check_protocol_for_ironic_api-32f35c93a140d3ae.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+  - Accepting ``[conductor]/api_url`` value specified in the configuration
+    file that does not start with either ``https://`` or ``http://``.
+    Such value leads to deployment failure on ironic-python-agent side.
+    This misconfiguration will be detected during ironic-conductor
+    and ironic-api start. An exception will be raised and an error about
+    the invalid value will be logged.