Test if secret parameter values for instance create jobs are redacted in job files.
Signed-off-by: Lisa Velden <[email protected]> --- qa/ganeti-qa.py | 5 +++++ qa/qa_instance.py | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/qa/ganeti-qa.py b/qa/ganeti-qa.py index 8572cd3..e537b70 100755 --- a/qa/ganeti-qa.py +++ b/qa/ganeti-qa.py @@ -1064,6 +1064,11 @@ def RunQa(): "instance-add-restricted-by-disktemplates", qa_instance.TestInstanceCreationRestrictedByDiskTemplates) + pnode = qa_config.AcquireNode() + RunTestIf("instance-add-osparams", qa_instance.TestInstanceAddOsParams, + [pnode]) + pnode.Release() + # Test removing instance with offline drbd secondary if qa_config.TestEnabled(["instance-remove-drbd-offline", "instance-add-drbd-disk"]): diff --git a/qa/qa_instance.py b/qa/qa_instance.py index 3355f77..0321da9 100644 --- a/qa/qa_instance.py +++ b/qa/qa_instance.py @@ -47,6 +47,7 @@ import qa_daemon import qa_utils import qa_error +from qa_filters import stdout_of from qa_utils import AssertCommand, AssertEqual, AssertIn from qa_utils import InstanceCheck, INST_DOWN, INST_UP, FIRST_ARG, RETURN_VALUE from qa_instance_utils import CheckSsconfInstanceList, \ @@ -1516,6 +1517,46 @@ def TestInstanceCommunication(instance, master): print result_output +def TestInstanceAddOsParams(nodes): + """Tests instance add with secret os parameters""" + + instance = qa_config.AcquireInstance() + secret_keys = ["param1", "param2"] + cmd = (["gnt-instance", "add", + "--os-type=%s" % qa_config.get("os"), + "--disk-template=%s" % constants.DT_PLAIN, + "--os-parameters-secret", + "param1=secret1,param2=secret2", + "--node=%s" % nodes[0].primary] + + GetGenericAddParameters(instance, constants.DT_PLAIN)) + cmd.append("--submit") + cmd.append("--print-jobid") + cmd.append(instance.name) + + _TestRedactionOfSecretOsParams(cmd, secret_keys) + + TestInstanceRemove(instance) + instance.Release() + + +def _TestRedactionOfSecretOsParams(cmd, secret_keys): + """Tests redaction of secret os parameters""" + + AssertCommand(["gnt-cluster", "modify", "--max-running-jobs", "1"]) + debug_delay_id = int(stdout_of(["gnt-debug", "delay", "--interruptible", + "--print-jobid", "--submit", "300"])) + cmd_jid = int(stdout_of(cmd)) + job_file = "/var/lib/ganeti/queue/job-%s" % cmd_jid + + for k in secret_keys: + grep_cmd = ["grep", "\"%s\":\"<redacted>\"" % k, job_file] + AssertCommand(grep_cmd) + + AssertCommand(["gnt-job", "cancel", "--kill", "--yes-do-it", + str(debug_delay_id)]) + AssertCommand(["gnt-cluster", "modify", "--max-running-jobs", "20"]) + + available_instance_tests = [ ("instance-add-plain-disk", constants.DT_PLAIN, TestInstanceAddWithPlainDisk, 1), -- 2.4.3.573.g4eafbef
