Do not mask configdrive when executing in-band deploy steps
The agent needs to use configdrive, and we do send it over the same channel when running write_image. There is no point in preventing custom deploy steps from accessing it. Change-Id: I93d3966b2c6af1f60bfbb39b3a07056308c6866c
parent
193d2e65f1
commit
d97f0fb5ec
@ -593,7 +593,7 @@ class AgentClient(object):
|
|||||||
"""
|
"""
|
||||||
params = {
|
params = {
|
||||||
'step': step,
|
'step': step,
|
||||||
'node': node.as_dict(secure=True),
|
'node': node.as_dict(secure=True, mask_configdrive=False),
|
||||||
'ports': [port.as_dict() for port in ports],
|
'ports': [port.as_dict() for port in ports],
|
||||||
'deploy_version': node.driver_internal_info.get(
|
'deploy_version': node.driver_internal_info.get(
|
||||||
'hardware_manager_version')
|
'hardware_manager_version')
|
||||||
|
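Review bot: The `'node'` entry in `params` now carries the raw configdrive while the rest of the record stays masked, and nothing at the call site says why or warns against exposing it. A short comment above that line would keep later edits from treating `params` as safe to log, for example `# configdrive is deliberately left unmasked: the agent needs it and write_image already sends it over this channel; never log params.` If `params` is logged or echoed in error messages further down the method, that path should be checked as well. The enclosing method starts and ends outside this hunk, so this is inferred from the visible lines only.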
@ -168,13 +168,17 @@ class Node(base.IronicObject, object_base.VersionedObjectDictCompat):
|
|||||||
'network_data': object_fields.FlexibleDictField(nullable=True),
|
'network_data': object_fields.FlexibleDictField(nullable=True),
|
||||||
}
|
}
|
||||||
|
|
||||||
def as_dict(self, secure=False):
|
def as_dict(self, secure=False, mask_configdrive=True):
|
||||||
d = super(Node, self).as_dict()
|
d = super(Node, self).as_dict()
|
||||||
if secure:
|
if secure:
|
||||||
d['driver_info'] = strutils.mask_dict_password(
|
d['driver_info'] = strutils.mask_dict_password(
|
||||||
d.get('driver_info', {}), "******")
|
d.get('driver_info', {}), "******")
|
||||||
d['instance_info'] = strutils.mask_dict_password(
|
iinfo = d.pop('instance_info', {})
|
||||||
d.get('instance_info', {}), "******")
|
if not mask_configdrive:
|
||||||
|
configdrive = iinfo.pop('configdrive', None)
|
||||||
|
d['instance_info'] = strutils.mask_dict_password(iinfo, "******")
|
||||||
|
if not mask_configdrive and configdrive:
|
||||||
|
d['instance_info']['configdrive'] = configdrive
|
||||||
d['driver_internal_info'] = strutils.mask_dict_password(
|
d['driver_internal_info'] = strutils.mask_dict_password(
|
||||||
d.get('driver_internal_info', {}), "******")
|
d.get('driver_internal_info', {}), "******")
|
||||||
return d
|
return d
|
||||||
|
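Review bot: `iinfo.pop('configdrive', None)` mutates whatever dict `super(Node, self).as_dict()` returned for `instance_info`. If that is the node's own field value rather than a copy (the base implementation is not visible here), calling `as_dict(secure=True, mask_configdrive=False)` would silently strip the configdrive from the live node object. Taking a shallow copy first avoids this: `iinfo = dict(d.pop('instance_info', {}))`. Separately, `configdrive` is bound only inside the `if not mask_configdrive:` branch and relies on short-circuit evaluation later; `configdrive = None if mask_configdrive else iinfo.pop('configdrive', None)` is less fragile. A docstring on `as_dict` should also state that `mask_configdrive=False` returns the configdrive in clear and is intended only for the agent channel.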
@ -61,6 +61,18 @@ class TestNodeObject(db_base.DbTestCase, obj_utils.SchemasTestMixIn):
|
|||||||
# Ensure the node can be serialised.
|
# Ensure the node can be serialised.
|
||||||
jsonutils.dumps(d)
|
jsonutils.dumps(d)
|
||||||
|
|
||||||
|
def test_as_dict_secure_with_configdrive(self):
|
||||||
|
self.node.driver_info['ipmi_password'] = 'fake'
|
||||||
|
self.node.instance_info['configdrive'] = 'data'
|
||||||
|
self.node.driver_internal_info['agent_secret_token'] = 'abc'
|
||||||
|
d = self.node.as_dict(secure=True, mask_configdrive=False)
|
||||||
|
self.assertEqual('******', d['driver_info']['ipmi_password'])
|
||||||
|
self.assertEqual('data', d['instance_info']['configdrive'])
|
||||||
|
self.assertEqual('******',
|
||||||
|
d['driver_internal_info']['agent_secret_token'])
|
||||||
|
# Ensure the node can be serialised.
|
||||||
|
jsonutils.dumps(d)
|
||||||
|
|
||||||
def test_as_dict_with_traits(self):
|
def test_as_dict_with_traits(self):
|
||||||
self.fake_node['traits'] = ['CUSTOM_1']
|
self.fake_node['traits'] = ['CUSTOM_1']
|
||||||
self.node = obj_utils.get_test_node(self.ctxt, **self.fake_node)
|
self.node = obj_utils.get_test_node(self.ctxt, **self.fake_node)
|
||||||
|
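Review bot: `test_as_dict_secure_with_configdrive` inspects only the returned dict, so it would not notice if `as_dict(secure=True, mask_configdrive=False)` removed the configdrive from the node itself or stopped masking other `instance_info` secrets. Adding `self.assertEqual('data', self.node.instance_info['configdrive'])` after the call pins the first case. For the second, set a password-like key before the call (constructed example: `self.node.instance_info['image_password'] = 'fake'`) and assert that it comes back as `'******'`. That shows the exemption applies to configdrive alone.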
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
No longer masks configdrive when sending the node's record to in-band
|
||||||
|
deploy steps.
|