Commit 62c9bf41 authored by Lisa Velden's avatar Lisa Velden

Add QA test to test redaction of secret parameters

Test if secret parameter values for instance create jobs are
redacted in job files.
Signed-off-by: default avatarLisa Velden <velden@google.com>
Reviewed-by: default avatarHrvoje Ribicic <riba@google.com>
parent d59b29fd
......@@ -1064,6 +1064,8 @@ def RunQa():
"instance-add-restricted-by-disktemplates",
qa_instance.TestInstanceCreationRestrictedByDiskTemplates)
RunTestIf("instance-add-osparams", qa_instance.TestInstanceAddOsParams)
# Test removing instance with offline drbd secondary
if qa_config.TestEnabled(["instance-remove-drbd-offline",
"instance-add-drbd-disk"]):
......
......@@ -47,6 +47,7 @@ import qa_daemon
import qa_utils
import qa_error
from qa_filters import stdout_of
from qa_utils import AssertCommand, AssertEqual, AssertIn
from qa_utils import InstanceCheck, INST_DOWN, INST_UP, FIRST_ARG, RETURN_VALUE
from qa_instance_utils import CheckSsconfInstanceList, \
......@@ -1516,6 +1517,54 @@ def TestInstanceCommunication(instance, master):
print result_output
def _TestRedactionOfSecretOsParams(cmd, secret_keys):
"""Tests redaction of secret os parameters
"""
AssertCommand(["gnt-cluster", "modify", "--max-running-jobs", "1"])
debug_delay_id = int(stdout_of(["gnt-debug", "delay", "--print-jobid",
"--submit", "300"]))
cmd_jid = int(stdout_of(cmd))
job_file = "/var/lib/ganeti/queue/job-%s" % cmd_jid
for k in secret_keys:
grep_cmd = ["grep", "\"%s\":\"<redacted>\"" % k, job_file]
AssertCommand(grep_cmd)
AssertCommand(["gnt-job", "cancel", "--kill", "--yes-do-it",
str(debug_delay_id)])
AssertCommand(["gnt-cluster", "modify", "--max-running-jobs", "20"])
AssertCommand(["gnt-job", "wait", str(cmd_jid)])
def TestInstanceAddOsParams():
"""Tests instance add with secret os parameters"""
if not qa_config.IsTemplateSupported(constants.DT_PLAIN):
return
pnode = qa_config.AcquireNode()
instance = qa_config.AcquireInstance()
secret_keys = ["param1", "param2"]
cmd = (["gnt-instance", "add",
"--os-type=%s" % qa_config.get("os"),
"--disk-template=%s" % constants.DT_PLAIN,
"--os-parameters-secret",
"param1=secret1,param2=secret2",
"--node=%s" % pnode.primary] +
GetGenericAddParameters(instance, constants.DT_PLAIN))
cmd.append("--submit")
cmd.append("--print-jobid")
cmd.append(instance.name)
_TestRedactionOfSecretOsParams(cmd, secret_keys)
TestInstanceRemove(instance)
instance.Release()
pnode.Release()
available_instance_tests = [
("instance-add-plain-disk", constants.DT_PLAIN,
TestInstanceAddWithPlainDisk, 1),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment