Do not mask configdrive when executing in-band deploy steps
The agent needs to use configdrive, and we do send it over the same channel when running write_image. There is no point in preventing custom deploy steps from accessing it. Change-Id: I93d3966b2c6af1f60bfbb39b3a07056308c6866c
This commit is contained in:
parent
193d2e65f1
commit
d97f0fb5ec
@ -593,7 +593,7 @@ class AgentClient(object):
|
||||
"""
|
||||
params = {
|
||||
'step': step,
|
||||
'node': node.as_dict(secure=True),
|
||||
'node': node.as_dict(secure=True, mask_configdrive=False),
|
||||
'ports': [port.as_dict() for port in ports],
|
||||
'deploy_version': node.driver_internal_info.get(
|
||||
'hardware_manager_version')
|
||||
|
@ -168,13 +168,17 @@ class Node(base.IronicObject, object_base.VersionedObjectDictCompat):
|
||||
'network_data': object_fields.FlexibleDictField(nullable=True),
|
||||
}
|
||||
|
||||
def as_dict(self, secure=False):
|
||||
def as_dict(self, secure=False, mask_configdrive=True):
|
||||
d = super(Node, self).as_dict()
|
||||
if secure:
|
||||
d['driver_info'] = strutils.mask_dict_password(
|
||||
d.get('driver_info', {}), "******")
|
||||
d['instance_info'] = strutils.mask_dict_password(
|
||||
d.get('instance_info', {}), "******")
|
||||
iinfo = d.pop('instance_info', {})
|
||||
if not mask_configdrive:
|
||||
configdrive = iinfo.pop('configdrive', None)
|
||||
d['instance_info'] = strutils.mask_dict_password(iinfo, "******")
|
||||
if not mask_configdrive and configdrive:
|
||||
d['instance_info']['configdrive'] = configdrive
|
||||
d['driver_internal_info'] = strutils.mask_dict_password(
|
||||
d.get('driver_internal_info', {}), "******")
|
||||
return d
|
||||
|
@ -61,6 +61,18 @@ class TestNodeObject(db_base.DbTestCase, obj_utils.SchemasTestMixIn):
|
||||
# Ensure the node can be serialised.
|
||||
jsonutils.dumps(d)
|
||||
|
||||
def test_as_dict_secure_with_configdrive(self):
|
||||
self.node.driver_info['ipmi_password'] = 'fake'
|
||||
self.node.instance_info['configdrive'] = 'data'
|
||||
self.node.driver_internal_info['agent_secret_token'] = 'abc'
|
||||
d = self.node.as_dict(secure=True, mask_configdrive=False)
|
||||
self.assertEqual('******', d['driver_info']['ipmi_password'])
|
||||
self.assertEqual('data', d['instance_info']['configdrive'])
|
||||
self.assertEqual('******',
|
||||
d['driver_internal_info']['agent_secret_token'])
|
||||
# Ensure the node can be serialised.
|
||||
jsonutils.dumps(d)
|
||||
|
||||
def test_as_dict_with_traits(self):
|
||||
self.fake_node['traits'] = ['CUSTOM_1']
|
||||
self.node = obj_utils.get_test_node(self.ctxt, **self.fake_node)
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
No longer masks configdrive when sending the node's record to in-band
|
||||
deploy steps.
|
Loading…
x
Reference in New Issue
Block a user