mask private keys for the ssh power driver.
As this driver is deprecated masking here (opposed to strutils)
is simpler, and easier to backport. This can be removed along with
support for the ssh power driver.
Closes-Bug: #1638596
Change-Id: I107f2ce4ee2cd22558455de7ed595c2b3a7c6845
(cherry picked from commit ca585bec9d
)
This commit is contained in:
parent
fcf32419cd
commit
94f132e711
|
@ -826,6 +826,14 @@ class Node(base.APIBase):
|
|||
if not show_driver_secrets and node.driver_info != wtypes.Unset:
|
||||
node.driver_info = strutils.mask_dict_password(
|
||||
node.driver_info, "******")
|
||||
|
||||
# NOTE(derekh): mask ssh keys for the ssh power driver.
|
||||
# As this driver is deprecated masking here (opposed to strutils)
|
||||
# is simpler, and easier to backport. This can be removed along
|
||||
# with support for the ssh power driver.
|
||||
if node.driver_info.get('ssh_key_contents'):
|
||||
node.driver_info['ssh_key_contents'] = "******"
|
||||
|
||||
if not show_instance_secrets and node.instance_info != wtypes.Unset:
|
||||
node.instance_info = strutils.mask_dict_password(
|
||||
node.instance_info, "******")
|
||||
|
|
|
@ -992,6 +992,18 @@ class TestListNodes(test_api_base.BaseApiTest):
|
|||
# rpc_node lookup and pass that downwards
|
||||
mock_vdi.assert_called_once_with(mock.ANY, node.uuid, 'test-topic')
|
||||
|
||||
def test_ssh_creds_masked(self):
|
||||
driver_info = {"ssh_password": "password", "ssh_key_contents": "key"}
|
||||
node = obj_utils.create_test_node(self.context,
|
||||
chassis_id=self.chassis.id,
|
||||
driver_info=driver_info)
|
||||
data = self.get_json(
|
||||
'/nodes/%s' % node.uuid,
|
||||
headers={api_base.Version.string: str(api_v1.MAX_VER)})
|
||||
|
||||
self.assertEqual("******", data["driver_info"]["ssh_password"])
|
||||
self.assertEqual("******", data["driver_info"]["ssh_key_contents"])
|
||||
|
||||
|
||||
class TestPatch(test_api_base.BaseApiTest):
|
||||
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
security:
|
||||
- private ssh keys are now masked when using the ssh power driver
|
||||
and node details are requested.
|
Loading…
Reference in New Issue