Wipe agent tokens on inspection start and abort
Also make sure the pregenerated flag is always reset. Change-Id: I73aaa803d3eb84ddac59a778e998836a645217eb
This commit is contained in:
parent
4d79021513
commit
c6e8281f85
@ -1333,6 +1333,7 @@ class ConductorManager(base_manager.BaseConductorManager):
|
|||||||
'Error: %s') % e
|
'Error: %s') % e
|
||||||
node.save()
|
node.save()
|
||||||
node.last_error = _('Inspection was aborted by request.')
|
node.last_error = _('Inspection was aborted by request.')
|
||||||
|
utils.wipe_token_and_url(task)
|
||||||
task.process_event('abort')
|
task.process_event('abort')
|
||||||
LOG.info('Successfully aborted inspection of node %(node)s',
|
LOG.info('Successfully aborted inspection of node %(node)s',
|
||||||
{'node': node.uuid})
|
{'node': node.uuid})
|
||||||
@ -3680,9 +3681,9 @@ def _do_inspect_hardware(task):
|
|||||||
log_func("Failed to inspect node %(node)s: %(err)s",
|
log_func("Failed to inspect node %(node)s: %(err)s",
|
||||||
{'node': node.uuid, 'err': e})
|
{'node': node.uuid, 'err': e})
|
||||||
|
|
||||||
# Remove agent_url, while not strictly needed for the inspection path,
|
# Inspection cannot start in fast-track mode, wipe token and URL.
|
||||||
# lets just remove it out of good practice.
|
utils.wipe_token_and_url(task)
|
||||||
utils.remove_agent_url(node)
|
|
||||||
try:
|
try:
|
||||||
new_state = task.driver.inspect.inspect_hardware(task)
|
new_state = task.driver.inspect.inspect_hardware(task)
|
||||||
except exception.IronicException as e:
|
except exception.IronicException as e:
|
||||||
|
@ -1215,6 +1215,8 @@ def add_secret_token(node, pregenerated=False):
|
|||||||
i_info['agent_secret_token'] = token
|
i_info['agent_secret_token'] = token
|
||||||
if pregenerated:
|
if pregenerated:
|
||||||
i_info['agent_secret_token_pregenerated'] = True
|
i_info['agent_secret_token_pregenerated'] = True
|
||||||
|
else:
|
||||||
|
i_info.pop('agent_secret_token_pregenerated', None)
|
||||||
node.driver_internal_info = i_info
|
node.driver_internal_info = i_info
|
||||||
|
|
||||||
|
|
||||||
|
@ -6057,7 +6057,8 @@ class NodeInspectHardware(mgr_utils.ServiceSetUpMixin, db_base.DbTestCase):
|
|||||||
node = obj_utils.create_test_node(
|
node = obj_utils.create_test_node(
|
||||||
self.context, driver='fake-hardware',
|
self.context, driver='fake-hardware',
|
||||||
provision_state=states.INSPECTING,
|
provision_state=states.INSPECTING,
|
||||||
driver_internal_info={'agent_url': 'url'})
|
driver_internal_info={'agent_url': 'url',
|
||||||
|
'agent_secret_token': 'token'})
|
||||||
task = task_manager.TaskManager(self.context, node.uuid)
|
task = task_manager.TaskManager(self.context, node.uuid)
|
||||||
mock_inspect.return_value = states.MANAGEABLE
|
mock_inspect.return_value = states.MANAGEABLE
|
||||||
manager._do_inspect_hardware(task)
|
manager._do_inspect_hardware(task)
|
||||||
@ -6068,6 +6069,7 @@ class NodeInspectHardware(mgr_utils.ServiceSetUpMixin, db_base.DbTestCase):
|
|||||||
mock_inspect.assert_called_once_with(task.driver.inspect, task)
|
mock_inspect.assert_called_once_with(task.driver.inspect, task)
|
||||||
task.node.refresh()
|
task.node.refresh()
|
||||||
self.assertNotIn('agent_url', task.node.driver_internal_info)
|
self.assertNotIn('agent_url', task.node.driver_internal_info)
|
||||||
|
self.assertNotIn('agent_secret_token', task.node.driver_internal_info)
|
||||||
|
|
||||||
@mock.patch('ironic.drivers.modules.fake.FakeInspect.inspect_hardware',
|
@mock.patch('ironic.drivers.modules.fake.FakeInspect.inspect_hardware',
|
||||||
autospec=True)
|
autospec=True)
|
||||||
@ -7879,9 +7881,12 @@ class DoNodeInspectAbortTestCase(mgr_utils.CommonMixIn,
|
|||||||
@mock.patch('ironic.conductor.task_manager.acquire', autospec=True)
|
@mock.patch('ironic.conductor.task_manager.acquire', autospec=True)
|
||||||
def test_do_inspect_abort_succeeded(self, mock_acquire, mock_abort):
|
def test_do_inspect_abort_succeeded(self, mock_acquire, mock_abort):
|
||||||
self._start_service()
|
self._start_service()
|
||||||
node = obj_utils.create_test_node(self.context,
|
node = obj_utils.create_test_node(
|
||||||
|
self.context,
|
||||||
driver='fake-hardware',
|
driver='fake-hardware',
|
||||||
provision_state=states.INSPECTWAIT)
|
provision_state=states.INSPECTWAIT,
|
||||||
|
driver_internal_info={'agent_url': 'url',
|
||||||
|
'agent_secret_token': 'token'})
|
||||||
task = task_manager.TaskManager(self.context, node.uuid)
|
task = task_manager.TaskManager(self.context, node.uuid)
|
||||||
mock_acquire.side_effect = self._get_acquire_side_effect(task)
|
mock_acquire.side_effect = self._get_acquire_side_effect(task)
|
||||||
self.service.do_provisioning_action(self.context, task.node.uuid,
|
self.service.do_provisioning_action(self.context, task.node.uuid,
|
||||||
@ -7889,3 +7894,5 @@ class DoNodeInspectAbortTestCase(mgr_utils.CommonMixIn,
|
|||||||
node.refresh()
|
node.refresh()
|
||||||
self.assertEqual('inspect failed', node.provision_state)
|
self.assertEqual('inspect failed', node.provision_state)
|
||||||
self.assertIn('Inspection was aborted', node.last_error)
|
self.assertIn('Inspection was aborted', node.last_error)
|
||||||
|
self.assertNotIn('agent_url', node.driver_internal_info)
|
||||||
|
self.assertNotIn('agent_secret_token', node.driver_internal_info)
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Correctly wipes agent token on inspection start and abort.
|
Loading…
Reference in New Issue
Block a user