tests: Remove trust password
Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit a47d14fdeac0d2fb4544553b7a4973e62816a68d)
Signed-off-by: Julian Pelizäus <[email protected]>
License: Apache-2.0
stgraber authored and roosterfish committed Jun 10, 2024
1 parent 65b8099 commit 69fb53a
Showing 21 changed files with 170 additions and 166 deletions.
3 changes: 0 additions & 3 deletions test/extras/stresstest.sh
Expand Up @@ -102,9 +102,6 @@ spawn_lxd() {

echo "==> Binding to network"
LXD_DIR="$lxddir" lxc config set core.https_address "$addr"

echo "==> Setting trust password"
LXD_DIR="$lxddir" lxc config set core.trust_password foo
}

spawn_lxd 127.0.0.1:18443 "$LXD_DIR"
17 changes: 10 additions & 7 deletions test/includes/clustering.sh
Expand Up @@ -133,7 +133,6 @@ spawn_lxd_and_bootstrap_cluster() {

cat > "${LXD_DIR}/preseed.yaml" <<EOF
config:
core.trust_password: sekret
core.https_address: 10.1.1.101:8443
EOF
if [ "${port}" != "" ]; then
Expand Down Expand Up @@ -209,17 +208,21 @@ spawn_lxd_and_join_cluster() {
index="${4}"
target="${5}"
LXD_DIR="${6}"
if [ -d "${7}" ]; then
token="$(LXD_DIR=${7} lxc cluster add --quiet "node${index}")"
else
token="${7}"
fi
driver="dir"
port="8443"
if [ "$#" -ge "7" ]; then
driver="${7}"
fi
if [ "$#" -ge "8" ]; then
port="${8}"
driver="${8}"
fi
if [ "$#" -ge "9" ]; then
port="${9}"
fi

echo "==> Spawn additional cluster node in ${ns} with storage driver ${driver}"
secret="${LXD_SECRET:-"sekret"}"

LXD_NETNS="${ns}" spawn_lxd "${LXD_DIR}" false
(
Expand All @@ -238,7 +241,7 @@ cluster:
server_address: 10.1.1.10${index}:${port}
cluster_address: 10.1.1.10${target}:8443
cluster_certificate: "$cert"
cluster_password: ${secret}
cluster_token: ${token}
member_config:
EOF
# Declare the pool only if the driver is not ceph, because
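Review bot: In spawn_lxd_and_join_cluster the new seventh argument is overloaded: a directory means "request a join token from that member", and anything else is used verbatim as the token. An old-style call that still passes the storage driver in `${7}`, or a mistyped member directory, is therefore written into the preseed as `cluster_token:` and only fails later at join time. A header comment such as `# $7: LXD_DIR of an existing member (a join token is requested there) or a literal join token; $8: storage driver; $9: port` would make the shifted positions explicit, and `[ -n "${token}" ] || { echo "join token missing" >&2; return 1; }` after the `fi` would catch the empty case early. The join token is a bearer credential, so where the suite enables `set -x` tracing it will presumably land in the test log; that is acceptable for a throwaway cluster but worth knowing if logs are published. The function body starts and ends outside the hunks shown.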
2 changes: 0 additions & 2 deletions test/includes/lxd.sh
Expand Up @@ -60,8 +60,6 @@ spawn_lxd() {
done
fi

echo "==> Setting trust password"
LXD_DIR="${lxddir}" lxc config set core.trust_password foo
if [ -n "${DEBUG:-}" ]; then
set -x
fi
3 changes: 2 additions & 1 deletion test/includes/setup.sh
Expand Up @@ -4,7 +4,8 @@ ensure_has_localhost_remote() {
# shellcheck disable=SC2039,3043
local addr="${1}"
if ! lxc remote list | grep -q "localhost"; then
lxc remote add localhost "https://${addr}" --accept-certificate --password foo
token="$(lxc config trust add --name foo -q)"
lxc remote add localhost "https://${addr}" --accept-certificate --token "${token}"
fi
}

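Review bot: `token` in ensure_has_localhost_remote is assigned without `local`, unlike `addr` on the line above it, so the trust token leaks into the global scope of every script that sources this file. spawn_lxd_and_join_cluster in test/includes/clustering.sh assigns a variable with the same name, so a stale value from one helper could be picked up by later code. Declaring it with `addr`, e.g. `local addr="${1}" token`, keeps it function-scoped under the existing shellcheck directive, and the separate assignment still exposes the exit status of `lxc config trust add`.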
19 changes: 5 additions & 14 deletions test/suites/auth.sh
Expand Up @@ -225,31 +225,22 @@ fine_grained_authorization() {
lxc auth group permission remove test-group server can_view_warnings

# Check we are not able to view any server config currently.
# Here we explicitly use two settings that contain actual passwords.
lxc config set core.trust_password foo2
lxc config set loki.auth.password bar2
# Here we explicitly a setting that contains an actual password.
lxc config set loki.auth.password bar
[ "$(lxc_remote query oidc:/1.0 | jq '.config | length')" = 0 ]
[ "$(lxc_remote query oidc:/1.0 | jq -r '.config."core.trust_password"')" = "null" ]
[ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "null" ]

# Check we are not able to set any server config currently.
! lxc_remote config set oidc: core.trust_password foo3 || false
! lxc_remote config set oidc: loki.auth.password bar3 || false
! lxc_remote config set oidc: loki.auth.password bar2 || false

# Add "can_edit" permission to group.
lxc auth group permission add test-group server can_edit

# Check we can view the server's config.
# As the core.trust_password is stored as scrypt value together with its hash, we cannot easily compare it against the original value.
[ "$(lxc_remote query oidc:/1.0 | jq -r '.config."core.trust_password"')" != "null" ]
[ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "bar2" ]
[ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "bar" ]

# Check we can modify the server's config.
lxc_remote config set oidc: core.trust_password foo3
lxc_remote config set oidc: loki.auth.password bar3

# Reset the trust password to prevent side effects.
lxc config set core.trust_password foo
lxc_remote config set oidc: loki.auth.password bar2

lxc auth group permission remove test-group server can_edit
lxc config unset loki.auth.password
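Review bot: After `can_edit` is granted, the permitted write `lxc_remote config set oidc: loki.auth.password bar2` is never read back, so the test would still pass if the command exited 0 without changing the value. Adding `[ "$(lxc config get loki.auth.password)" = "bar2" ]` directly after it would pin the positive case the same way the `= "bar"` check pins the denied write. The new comment is also missing a verb and should read `# Here we explicitly use a setting that contains an actual password.` fine_grained_authorization starts and ends outside this hunk.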
6 changes: 3 additions & 3 deletions test/suites/basic.sh
Expand Up @@ -656,11 +656,9 @@ test_basic_usage() {

# Test rebuilding an instance with a new image.
lxc init c1 --empty
lxc remote add l1 "${LXD_ADDR}" --accept-certificate --password foo
lxc rebuild l1:testimage c1
lxc rebuild testimage c1
lxc start c1
lxc delete c1 -f
lxc remote remove l1

# Test rebuilding an instance with an empty file system.
lxc init testimage c1
Expand All @@ -680,6 +678,8 @@ test_basic_usage() {
lxc launch testimage c2
lxc launch testimage c3

fingerprint="$(lxc config trust ls --format csv | cut -d, -f4)"
lxc config trust remove "${fingerprint}"
lxc delete -f c1 c2 c3
remaining_instances="$(lxc list --format csv)"
[ -z "${remaining_instances}" ]
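Review bot: The added `fingerprint="$(lxc config trust ls --format csv | cut -d, -f4)"` in the second hunk assumes the trust store holds exactly one entry and that no earlier CSV field contains a comma. With zero or several entries, `lxc config trust remove "${fingerprint}"` receives an empty or multi-line argument, and the resulting failure will not point at the cause. Either assert the entry count first or iterate, for example `lxc config trust ls --format csv | cut -d, -f4 | while read -r fp; do lxc config trust remove "${fp}"; done`, and add a short comment saying why the trust entry is removed at this point. test_basic_usage starts and ends outside the hunks shown.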