Re: Issue 1048 in ganeti: Unittests for NodeSsh{Add,Remove}Key and renew crypto need improvment

[ganeti]

Updates:
        Status: Fixed

Comment #2 on issue 1048 by hel...@google.com: Unittests for  
NodeSsh{Add,Remove}Key and renew crypto need improvment
https://code.google.com/p/ganeti/issues/detail?id=1048
Fixed with:

commit d109b3c2f6437a2c91842cd1e46d4f47f9698b4a
Author: Helga Velroyen <hel...@google.com>
Date:   Tue Jan 19 15:21:17 2016 +0100

    Unit test for backend.RenewCrypto

    This patch adds a unit test for the successful execution
    of backend.RenewCrypto. It mostly reuses infrastructure
    from the unit tests for adding and removing SSH keys.

    Signed-off-by: Helga Velroyen <hel...@google.com>
    Reviewed-by: Klaus Aehlig <aeh...@google.com>

commit f33bb17eaa9d0dbf33e1920aae87298fd074265b
Author: Helga Velroyen <hel...@google.com>
Date:   Tue Jan 19 15:21:05 2016 +0100

    SSH testutils: GetKeyOfNode

    This adds a little utility function to ask the SSH file
    manager for a key of one particular node.

    This patch also updates some documentation of the previous
    function.

    Signed-off-by: Helga Velroyen <hel...@google.com>
    Reviewed-by: Klaus Aehlig <aeh...@google.com>

commit 9738a3f5f4f718a9f9e44e38896e79bc1e729a4a
Author: Helga Velroyen <hel...@google.com>
Date:   Tue Jan 19 15:19:02 2016 +0100

    Make backend.RenewCrypto more testable

    In order to improve the testability of backend.RenewCrypto,
    this patch does two things:
    * It uses the previously introduced SSH utility functions.
      Those are easier to consistently mock during unit tests
      and they consistenly abstract the lower layer of file
      operations on SSH keys.
    * When calling the subfunctions to add and remove keys,
      some of the optional parameters were not propagated,
      which in tests will prevent the mocks from being
      propagated.

    Besides that, it also renames ReadRemoteSshPubKeys to
    ReadRemoteSshPubKey, because that actually only fetches one
    key.

    Signed-off-by: Helga Velroyen <hel...@google.com>
    Reviewed-by: Klaus Aehlig <aeh...@google.com>

commit 08626d35c8c72747853c1cd19595b8b3fa040896
Author: Helga Velroyen <hel...@google.com>
Date:   Tue Jan 19 14:28:16 2016 +0100

    SSH testutils: add key generation

    The SSH file manager which is used in unit tests
    so far did not provide functionality to actually
    generate a new key. This patch adds a very rudimentary
    way of creating new keys (which works well enough
    for our purposes).

    Signed-off-by: Helga Velroyen <hel...@google.com>
    Reviewed-by: Klaus Aehlig <aeh...@google.com>

commit 3ea9087186dfb1a5c9a7bdaef0b82f4e6d01f2ce
Author: Helga Velroyen <hel...@google.com>
Date:   Fri Jan 15 15:42:33 2016 +0100

    Remove _ReplaceMasterKeyOnMaster

    The somewhat cumbersome function _ReplaceMasterKeyOnMaster
    is replaced with one of the ssh utility functions provied
    in the previous patches.

    Signed-off-by: Helga Velroyen <hel...@google.com>
    Reviewed-by: Klaus Aehlig <aeh...@google.com>

commit b0c796f44228e0e798e974afd19d6e028e27a5b1
Author: Helga Velroyen <hel...@google.com>
Date:   Fri Jan 15 11:18:24 2016 +0100

    SSH utility functions for key manipulation

    So far, the backend code contains a lot of (repetitive)
    code to manipulate SSH keys on the local disk. This
    patch adds utility functions for those basic operations
    and also includes unit tests for those.

    In the later patches of this series, those functions
    will be used to simplify the code and increase the
    code reusage.

    Signed-off-by: Helga Velroyen <hel...@google.com>
    Reviewed-by: Klaus Aehlig <aeh...@google.com>

commit 846733f7fdda1c5d4375e7cdc94857b251424340
Author: Helga Velroyen <hel...@google.com>
Date:   Thu Jan 14 14:35:50 2016 +0100

    RenewCrypto: do not consult public key file

    There is a bug in the current implementation of
    backend.RenewCrypto. Before re-generating keys, it checks
    if the current key of each node is in the Ganeti public key
    file. This was intended as a security feature, but actually
    does not work like that. The Ganeti public key file does
    only contain the keys of the potential master candidates.
    In case of a key-renewal, all nodes' keys are renewed and
    that includes the normal nodes (which are not potential
    master candidates). This patch removes these checks to
    make sure renewal does not fail if a cluster contains
    normal nodes.

    Note: since potential master candidates are not fully
    implemented yet, this did not show up on actual clusters.
    The unit test which is implemented in a later patch of
    this series revealed this flaw.

    Signed-off-by: Helga Velroyen <hel...@google.com>
    Reviewed-by: Klaus Aehlig <aeh...@google.com>

commit 2aa02fa5b1950e9bc3f6a1828948a95cbd4da918
Author: Helga Velroyen <hel...@google.com>
Date:   Wed Jan 13 13:20:45 2016 +0100

    SSH testutils: function to return all node UUIDs

    This patch adds a utility function to the SSH test
    utilities which returns all UUIDs of all nodes that
    the file manager is aware of.

    Signed-off-by: Helga Velroyen <hel...@google.com>
    Reviewed-by: Klaus Aehlig <aeh...@google.com>


--
You received this message because this project is configured to send all  
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings