[PATCH master 3/3] Fail if secret parameters are missing

Fri, 26 Jun 2015 02:05:37 -0700 

Raise an OpPrereqError if secret parameters are expected, but missing.
Job retries result in this error.

Signed-off-by: Lisa Velden <[email protected]>
---
 lib/mcpu.py             | 11 +++++++++++
 src/Ganeti/Constants.hs |  4 ++++
 src/Ganeti/Types.hs     |  1 +
 3 files changed, 16 insertions(+)

diff --git a/lib/mcpu.py b/lib/mcpu.py
index 8134f53..3913b45 100644
--- a/lib/mcpu.py
+++ b/lib/mcpu.py
@@ -646,6 +646,16 @@ class Processor(object):
         raise errors.OpResultError("Opcode result does not match %s: %s" %
                                    (resultcheck_fn, utils.Truncate(result, 
80)))
 
+  def _CheckSecretParameters(self, op):
+    """Check if secret parameters are expected, but missing.
+
+    """
+    if hasattr(op, "osparams_secret") and op.osparams_secret:
+      for secret_param in op.osparams_secret:
+        if op.osparams_secret[secret_param].Get() == constants.REDACTED:
+          raise errors.OpPrereqError("Please re-submit secret parameters to"
+                                     " job.", errors.ECODE_INVAL)
+
   def ExecOpCode(self, op, cbs, timeout=None):
     """Execute an opcode.
 
@@ -687,6 +697,7 @@ class Processor(object):
       lu = lu_class(self, op, self.cfg, self.rpc,
                     self._wconfdcontext, self.wconfd)
       lu.wconfdlocks = self.wconfd.Client().ListLocks(self._wconfdcontext)
+      self._CheckSecretParameters(op)
       lu.ExpandNames()
       assert lu.needed_locks is not None, "needed_locks not set by LU"
 
diff --git a/src/Ganeti/Constants.hs b/src/Ganeti/Constants.hs
index d879cd8..23dc457 100644
--- a/src/Ganeti/Constants.hs
+++ b/src/Ganeti/Constants.hs
@@ -5262,6 +5262,10 @@ debugModeConfidentialityWarning =
   "ALERT: %s started in debug mode.\n\
   \ Private and secret parameters WILL be logged!\n"
 
+-- | Use to hide secret parameter value
+redacted :: String
+redacted = Types.redacted
+
 -- * Stat dictionary entries
 --
 -- The get_file_info RPC returns a number of values as a dictionary, and the
diff --git a/src/Ganeti/Types.hs b/src/Ganeti/Types.hs
index c9bcd8c..52c30f1 100644
--- a/src/Ganeti/Types.hs
+++ b/src/Ganeti/Types.hs
@@ -177,6 +177,7 @@ module Ganeti.Types
   , Secret(..)
   , showSecretJSObject
   , revealValInJSObject
+  , redacted
   , HvParams
   , OsParams
   , OsParamsPrivate
-- 
2.4.3.573.g4eafbef

Reply via email to