Merge "mask private keys for the ssh power driver."
This commit is contained in:
commit
241462d8d5
|
@ -838,6 +838,14 @@ class Node(base.APIBase):
|
|||
if not show_driver_secrets and node.driver_info != wtypes.Unset:
|
||||
node.driver_info = strutils.mask_dict_password(
|
||||
node.driver_info, "******")
|
||||
|
||||
# NOTE(derekh): mask ssh keys for the ssh power driver.
|
||||
# As this driver is deprecated masking here (opposed to strutils)
|
||||
# is simpler, and easier to backport. This can be removed along
|
||||
# with support for the ssh power driver.
|
||||
if node.driver_info.get('ssh_key_contents'):
|
||||
node.driver_info['ssh_key_contents'] = "******"
|
||||
|
||||
if not show_instance_secrets and node.instance_info != wtypes.Unset:
|
||||
node.instance_info = strutils.mask_dict_password(
|
||||
node.instance_info, "******")
|
||||
|
|
|
@ -1043,6 +1043,18 @@ class TestListNodes(test_api_base.BaseApiTest):
|
|||
# rpc_node lookup and pass that downwards
|
||||
mock_vdi.assert_called_once_with(mock.ANY, node.uuid, 'test-topic')
|
||||
|
||||
def test_ssh_creds_masked(self):
|
||||
driver_info = {"ssh_password": "password", "ssh_key_contents": "key"}
|
||||
node = obj_utils.create_test_node(self.context,
|
||||
chassis_id=self.chassis.id,
|
||||
driver_info=driver_info)
|
||||
data = self.get_json(
|
||||
'/nodes/%s' % node.uuid,
|
||||
headers={api_base.Version.string: str(api_v1.MAX_VER)})
|
||||
|
||||
self.assertEqual("******", data["driver_info"]["ssh_password"])
|
||||
self.assertEqual("******", data["driver_info"]["ssh_key_contents"])
|
||||
|
||||
|
||||
class TestPatch(test_api_base.BaseApiTest):
|
||||
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
security:
|
||||
- private ssh keys are now masked when using the ssh power driver
|
||||
and node details are requested.
|
Loading…
Reference in New Issue