Raise an OpPrereqError if secret parameters are expected, but missing. Job retries result in this error.
Signed-off-by: Lisa Velden <[email protected]> --- lib/mcpu.py | 12 ++++++++++++ src/Ganeti/Constants.hs | 4 ++++ src/Ganeti/Types.hs | 1 + 3 files changed, 17 insertions(+) diff --git a/lib/mcpu.py b/lib/mcpu.py index 8134f53..209e859 100644 --- a/lib/mcpu.py +++ b/lib/mcpu.py @@ -276,6 +276,17 @@ def _LockList(names): return list(names) +def _CheckSecretParameters(op): + """Check if secret parameters are expected, but missing. + + """ + if hasattr(op, "osparams_secret") and op.osparams_secret: + for secret_param in op.osparams_secret: + if op.osparams_secret[secret_param].Get() == constants.REDACTED: + raise errors.OpPrereqError("Please re-submit secret parameters to job.", + errors.ECODE_INVAL) + + class Processor(object): """Object which runs OpCodes""" DISPATCH_TABLE = _ComputeDispatchTable() @@ -687,6 +698,7 @@ class Processor(object): lu = lu_class(self, op, self.cfg, self.rpc, self._wconfdcontext, self.wconfd) lu.wconfdlocks = self.wconfd.Client().ListLocks(self._wconfdcontext) + _CheckSecretParameters(op) lu.ExpandNames() assert lu.needed_locks is not None, "needed_locks not set by LU" diff --git a/src/Ganeti/Constants.hs b/src/Ganeti/Constants.hs index d879cd8..23dc457 100644 --- a/src/Ganeti/Constants.hs +++ b/src/Ganeti/Constants.hs @@ -5262,6 +5262,10 @@ debugModeConfidentialityWarning = "ALERT: %s started in debug mode.\n\ \ Private and secret parameters WILL be logged!\n" +-- | Use to hide secret parameter value +redacted :: String +redacted = Types.redacted + -- * Stat dictionary entries -- -- The get_file_info RPC returns a number of values as a dictionary, and the diff --git a/src/Ganeti/Types.hs b/src/Ganeti/Types.hs index c9bcd8c..52c30f1 100644 --- a/src/Ganeti/Types.hs +++ b/src/Ganeti/Types.hs @@ -177,6 +177,7 @@ module Ganeti.Types , Secret(..) , showSecretJSObject , revealValInJSObject + , redacted , HvParams , OsParams , OsParamsPrivate -- 2.4.3.573.g4eafbef
