Merge branch 'stable-2.10' into stable-2.11
authorHrvoje Ribicic <riba@google.com>
Mon, 30 Nov 2015 16:12:42 +0000 (17:12 +0100)
committerHrvoje Ribicic <riba@google.com>
Mon, 30 Nov 2015 16:27:40 +0000 (17:27 +0100)
* stable-2.10
  (no changes)

* stable-2.9
  QA: Ensure the DRBD secret is not retrievable via RAPI
  Redact the DRBD secret in instance queries
  Do not attempt to use the DRBD secret in gnt-instance info

Conflicts:
  qa/qa_rapi.py - simply append new changes

Signed-off-by: Hrvoje Ribicic <riba@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>

lib/client/gnt_instance.py
lib/cmdlib/instance_query.py
qa/ganeti-qa.py
qa/qa_rapi.py

Simple merge
Simple merge
diff --cc qa/ganeti-qa.py
Simple merge
diff --cc qa/qa_rapi.py
@@@ -1061,17 -1027,64 +1062,71 @@@ def TestInterClusterInstanceMove(src_in
        "--net=0:mac=%s" % constants.VALUE_GENERATE,
        master.primary,
        master.primary,
 -      si,
 +      current_src_inst,
        ]
  
 -    qa_utils.RunInstanceCheck(di, False)
 +    # Some uses of this test might require that RAPI-only commands are used,
 +    # and the checks are command-line based.
 +
 +    if perform_checks:
 +      qa_utils.RunInstanceCheck(current_dest_inst, False)
 +
      AssertEqual(StartLocalCommand(cmd).wait(), 0)
 -    qa_utils.RunInstanceCheck(si, False)
 -    qa_utils.RunInstanceCheck(di, True)
 +
 +    if perform_checks:
 +      qa_utils.RunInstanceCheck(current_src_inst, False)
 +      qa_utils.RunInstanceCheck(current_dest_inst, True)
+ _DRBD_SECRET_RE = re.compile('shared-secret.*"([0-9A-Fa-f]+)"')
+ def _RetrieveSecret(instance, pnode):
+   """Retrieves the DRBD secret given an instance object and the primary node.
+   @type instance: L{qa_config._QaInstance}
+   @type pnode: L{qa_config._QaNode}
+   @rtype: string
+   """
+   instance_info = GetInstanceInfo(instance.name)
+   # We are interested in only the first disk on the primary
+   drbd_minor = instance_info["drbd-minors"][pnode.primary][0]
+   # This form should work for all DRBD versions
+   drbd_command = ("drbdsetup show %d; drbdsetup %d show || true" %
+                   (drbd_minor, drbd_minor))
+   instance_drbd_info = \
+     qa_utils.GetCommandOutput(pnode.primary, drbd_command)
+   match_obj = _DRBD_SECRET_RE.search(instance_drbd_info)
+   if match_obj is None:
+     raise qa_error.Error("Could not retrieve DRBD secret for instance %s from"
+                          " node %s." % (instance.name, pnode.primary))
+   return match_obj.groups(0)[0]
+ def TestInstanceDataCensorship(instance, inodes):
+   """Test protection of sensitive instance data."""
+   if instance.disk_template != constants.DT_DRBD8:
+     print qa_utils.FormatInfo("Only the DRBD secret is a sensitive parameter"
+                               " right now, skipping for non-DRBD instance.")
+     return
+   drbd_secret = _RetrieveSecret(instance, inodes[0])
+   job_id = _rapi_client.GetInstanceInfo(instance.name)
+   if not _rapi_client.WaitForJobCompletion(job_id):
+     raise qa_error.Error("Could not fetch instance info for instance %s" %
+                          instance.name)
+   info_dict = _rapi_client.GetJobStatus(job_id)
+   if drbd_secret in str(info_dict):
+     print qa_utils.FormatInfo("DRBD secret: %s" % drbd_secret)
+     print qa_utils.FormatInfo("Retrieved data\n%s" % str(info_dict))
+     raise qa_error.Error("Found DRBD secret in contents of RAPI instance info"
+                          " call; see above.")
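Review bot: The failure branch of TestInstanceDataCensorship prints the DRBD shared secret in clear text (`print qa_utils.FormatInfo("DRBD secret: %s" % drbd_secret)`) and then the full RAPI reply, so a regression copies the secret into the QA log, which may be archived or read more widely than the node itself. The failure stays just as actionable if that line is dropped and the reply is printed with the secret masked, e.g. `str(info_dict).replace(drbd_secret, "<redacted>")`. The comparison `drbd_secret in str(info_dict)` only detects the secret in the exact hex form captured by `_DRBD_SECRET_RE`; if RAPI ever returned it re-encoded the test would still pass, so that limit deserves a comment above the check. In `_RetrieveSecret`, `match_obj.group(1)` says the same thing as `match_obj.groups(0)[0]` more directly.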