Allow shred zeroize option to be configured

Introduce a new parameter in driver_internal_info called agent_erase_devices_zeroize to control the behavior of shred. This parameter controls the --zero argument used when invoking shred. Configuring this to false disabled the last pass of zeroes, leaving the device with random data. Change-Id: I7053034f5b5bc6737b535ee601e6fb71284d4a83 Partial-bug: #1568811 Depends-On: Ia7ea8d909df9ae86a6dbd68ba94746b171535eb8
2016-04-12 08:37:18 -04:00
parent cb604fbe7e
commit 1c9ecbd8cb
2 changed files with 90 additions and 25 deletions
--- a/ironic_python_agent/hardware.py
+++ b/ironic_python_agent/hardware.py
@@ -619,9 +619,15 @@ class GenericHardwareManager(HardwareManager):
        """
        info = node.get('driver_internal_info', {})
        npasses = info.get('agent_erase_devices_iterations', 1)
+        args = ('shred', '--force')
+
+        if info.get('agent_erase_devices_zeroize', True):
+            args += ('--zero', )
+
+        args += ('--verbose', '--iterations', str(npasses), block_device.name)
+
        try:
-            utils.execute('shred', '--force', '--zero', '--verbose',
-                          '--iterations', str(npasses), block_device.name)
+            utils.execute(*args)
        except (processutils.ProcessExecutionError, OSError) as e:
            msg = ("Erasing block device %(dev)s failed with error %(err)s ",
                   {'dev': block_device.name, 'err': e})
--- a/ironic_python_agent/tests/unit/test_hardware.py
+++ b/ironic_python_agent/tests/unit/test_hardware.py
@@ -143,7 +143,9 @@ BLK_DEVICE_TEMPLATE_SMALL_DEVICES = [
                         vendor="FooTastic"),
 ]

-SHRED_OUTPUT = (
+SHRED_OUTPUT_0_ITERATIONS_ZERO_FALSE = ()
+
+SHRED_OUTPUT_1_ITERATION_ZERO_TRUE = (
    'shred: /dev/sda: pass 1/2 (random)...\n'
    'shred: /dev/sda: pass 1/2 (random)...4.9GiB/29GiB 17%\n'
    'shred: /dev/sda: pass 1/2 (random)...15GiB/29GiB 51%\n'
@@ -156,6 +158,19 @@ SHRED_OUTPUT = (
    'shred: /dev/sda: pass 2/2 (000000)...29GiB/29GiB 100%\n'
 )

+SHRED_OUTPUT_2_ITERATIONS_ZERO_FALSE = (
+    'shred: /dev/sda: pass 1/2 (random)...\n'
+    'shred: /dev/sda: pass 1/2 (random)...4.9GiB/29GiB 17%\n'
+    'shred: /dev/sda: pass 1/2 (random)...15GiB/29GiB 51%\n'
+    'shred: /dev/sda: pass 1/2 (random)...20GiB/29GiB 69%\n'
+    'shred: /dev/sda: pass 1/2 (random)...29GiB/29GiB 100%\n'
+    'shred: /dev/sda: pass 2/2 (random)...\n'
+    'shred: /dev/sda: pass 2/2 (random)...4.9GiB/29GiB 17%\n'
+    'shred: /dev/sda: pass 2/2 (random)...15GiB/29GiB 51%\n'
+    'shred: /dev/sda: pass 2/2 (random)...20GiB/29GiB 69%\n'
+    'shred: /dev/sda: pass 2/2 (random)...29GiB/29GiB 100%\n'
+)
+

 LSCPU_OUTPUT = """
 Architecture:          x86_64
@@ -659,31 +674,10 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
    @mock.patch.object(utils, 'execute')
    def test_erase_block_device_nosecurity_shred(self, mocked_execute):
        hdparm_output = HDPARM_INFO_TEMPLATE.split('\nSecurity:')[0]
-        info = self.node.get('driver_internal_info')
-        info['agent_erase_devices_iterations'] = 2

        mocked_execute.side_effect = [
            (hdparm_output, ''),
-            (SHRED_OUTPUT, '')
-        ]
-
-        block_device = hardware.BlockDevice('/dev/sda', 'big', 1073741824,
-                                            True)
-        self.hardware.erase_block_device(self.node, block_device)
-        mocked_execute.assert_has_calls([
-            mock.call('hdparm', '-I', '/dev/sda'),
-            mock.call('shred', '--force', '--zero', '--verbose',
-                      '--iterations', '2', '/dev/sda')
-        ])
-
-    @mock.patch.object(utils, 'execute')
-    def test_erase_block_device_notsupported_shred(self, mocked_execute):
-        hdparm_output = create_hdparm_info(
-            supported=False, enabled=False, frozen=False, enhanced_erase=False)
-
-        mocked_execute.side_effect = [
-            (hdparm_output, ''),
-            (SHRED_OUTPUT, '')
+            (SHRED_OUTPUT_1_ITERATION_ZERO_TRUE, '')
        ]

        block_device = hardware.BlockDevice('/dev/sda', 'big', 1073741824,
@@ -695,6 +689,71 @@ class TestGenericHardwareManager(test_base.BaseTestCase):
                      '--iterations', '1', '/dev/sda')
        ])

+    @mock.patch.object(utils, 'execute')
+    def test_erase_block_device_notsupported_shred(self, mocked_execute):
+        hdparm_output = create_hdparm_info(
+            supported=False, enabled=False, frozen=False, enhanced_erase=False)
+
+        mocked_execute.side_effect = [
+            (hdparm_output, ''),
+            (SHRED_OUTPUT_1_ITERATION_ZERO_TRUE, '')
+        ]
+
+        block_device = hardware.BlockDevice('/dev/sda', 'big', 1073741824,
+                                            True)
+        self.hardware.erase_block_device(self.node, block_device)
+        mocked_execute.assert_has_calls([
+            mock.call('hdparm', '-I', '/dev/sda'),
+            mock.call('shred', '--force', '--zero', '--verbose',
+                      '--iterations', '1', '/dev/sda')
+        ])
+
+    @mock.patch.object(utils, 'execute')
+    def test_erase_block_device_shred_uses_internal_info(self, mocked_execute):
+        hdparm_output = create_hdparm_info(
+            supported=False, enabled=False, frozen=False, enhanced_erase=False)
+
+        info = self.node.get('driver_internal_info')
+        info['agent_erase_devices_iterations'] = 2
+        info['agent_erase_devices_zeroize'] = False
+
+        mocked_execute.side_effect = [
+            (hdparm_output, ''),
+            (SHRED_OUTPUT_2_ITERATIONS_ZERO_FALSE, '')
+        ]
+
+        block_device = hardware.BlockDevice('/dev/sda', 'big', 1073741824,
+                                            True)
+        self.hardware.erase_block_device(self.node, block_device)
+        mocked_execute.assert_has_calls([
+            mock.call('hdparm', '-I', '/dev/sda'),
+            mock.call('shred', '--force', '--verbose',
+                      '--iterations', '2', '/dev/sda')
+        ])
+
+    @mock.patch.object(utils, 'execute')
+    def test_erase_block_device_shred_0_pass_no_zeroize(self, mocked_execute):
+        hdparm_output = create_hdparm_info(
+            supported=False, enabled=False, frozen=False, enhanced_erase=False)
+
+        info = self.node.get('driver_internal_info')
+        info['agent_erase_devices_iterations'] = 0
+        info['agent_erase_devices_zeroize'] = False
+
+        mocked_execute.side_effect = [
+            (hdparm_output, ''),
+            (SHRED_OUTPUT_0_ITERATIONS_ZERO_FALSE, '')
+        ]
+
+        block_device = hardware.BlockDevice('/dev/sda', 'big', 1073741824,
+                                            True)
+        self.hardware.erase_block_device(self.node, block_device)
+        mocked_execute.assert_has_calls([
+            mock.call('hdparm', '-I', '/dev/sda'),
+            mock.call('shred', '--force', '--verbose',
+                      '--iterations', '0', '/dev/sda')
+        ])
+
    @mock.patch.object(hardware.GenericHardwareManager,
                       '_is_virtual_media_device', autospec=True)
    def test_erase_block_device_virtual_media(self, vm_mock):