tests: Remove trust password

Signed-off-by: Stéphane Graber <[email protected]> (cherry picked from commit a47d14fdeac0d2fb4544553b7a4973e62816a68d) Signed-off-by: Julian Pelizäus <[email protected]> License: Apache-2.0
roosterfish · Jun 11, 2024 · d283c27 · d283c27
1 parent d9e8775
commit d283c27
Show file tree

Hide file tree

Showing 22 changed files with 180 additions and 179 deletions.
diff --git a/test/extras/stresstest.sh b/test/extras/stresstest.sh
@@ -102,9 +102,6 @@ spawn_lxd() {
 
   echo "==> Binding to network"
   LXD_DIR="$lxddir" lxc config set core.https_address "$addr"
-
-  echo "==> Setting trust password"
-  LXD_DIR="$lxddir" lxc config set core.trust_password foo
 }
 
 spawn_lxd 127.0.0.1:18443 "$LXD_DIR"

diff --git a/test/includes/clustering.sh b/test/includes/clustering.sh
@@ -133,7 +133,6 @@ spawn_lxd_and_bootstrap_cluster() {
 
     cat > "${LXD_DIR}/preseed.yaml" <<EOF
 config:
-  core.trust_password: sekret
   core.https_address: 10.1.1.101:8443
 EOF
     if [ "${port}" != "" ]; then
@@ -209,17 +208,21 @@ spawn_lxd_and_join_cluster() {
   index="${4}"
   target="${5}"
   LXD_DIR="${6}"
+  if [ -d "${7}" ]; then
+    token="$(LXD_DIR=${7} lxc cluster add --quiet "node${index}")"
+  else
+    token="${7}"
+  fi
   driver="dir"
   port="8443"
-  if [ "$#" -ge  "7" ]; then
-      driver="${7}"
-  fi
   if [ "$#" -ge  "8" ]; then
-      port="${8}"
+      driver="${8}"
+  fi
+  if [ "$#" -ge  "9" ]; then
+      port="${9}"
   fi
 
   echo "==> Spawn additional cluster node in ${ns} with storage driver ${driver}"
-  secret="${LXD_SECRET:-"sekret"}"
 
   LXD_NETNS="${ns}" spawn_lxd "${LXD_DIR}" false
   (
@@ -238,7 +241,7 @@ cluster:
   server_address: 10.1.1.10${index}:${port}
   cluster_address: 10.1.1.10${target}:8443
   cluster_certificate: "$cert"
-  cluster_password: ${secret}
+  cluster_token: ${token}
   member_config:
 EOF
     # Declare the pool only if the driver is not ceph, because

diff --git a/test/includes/lxd.sh b/test/includes/lxd.sh
@@ -60,8 +60,6 @@ spawn_lxd() {
         done
     fi
 
-    echo "==> Setting trust password"
-    LXD_DIR="${lxddir}" lxc config set core.trust_password foo
     if [ -n "${DEBUG:-}" ]; then
         set -x
     fi

diff --git a/test/includes/setup.sh b/test/includes/setup.sh
@@ -4,7 +4,8 @@ ensure_has_localhost_remote() {
     # shellcheck disable=SC2039,3043
     local addr="${1}"
     if ! lxc remote list | grep -q "localhost"; then
-        lxc remote add localhost "https://${addr}" --accept-certificate --password foo
+        token="$(lxc config trust add --name foo -q)"
+        lxc remote add localhost "https://${addr}" --accept-certificate --token "${token}"
     fi
 }
 

diff --git a/test/suites/auth.sh b/test/suites/auth.sh
@@ -225,31 +225,22 @@ fine_grained_authorization() {
   lxc auth group permission remove test-group server can_view_warnings
 
   # Check we are not able to view any server config currently.
-  # Here we explicitly use two settings that contain actual passwords.
-  lxc config set core.trust_password foo2
-  lxc config set loki.auth.password bar2
+  # Here we explicitly a setting that contains an actual password.
+  lxc config set loki.auth.password bar
   [ "$(lxc_remote query oidc:/1.0 | jq '.config | length')" = 0 ]
-  [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."core.trust_password"')" = "null" ]
   [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "null" ]
 
   # Check we are not able to set any server config currently.
-  ! lxc_remote config set oidc: core.trust_password foo3 || false
-  ! lxc_remote config set oidc: loki.auth.password bar3 || false
+  ! lxc_remote config set oidc: loki.auth.password bar2 || false
 
   # Add "can_edit" permission to group.
   lxc auth group permission add test-group server can_edit
 
   # Check we can view the server's config.
-  # As the core.trust_password is stored as scrypt value together with its hash, we cannot easily compare it against the original value.
-  [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."core.trust_password"')" != "null" ]
-  [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "bar2" ]
+  [ "$(lxc_remote query oidc:/1.0 | jq -r '.config."loki.auth.password"')" = "bar" ]
 
   # Check we can modify the server's config.
-  lxc_remote config set oidc: core.trust_password foo3
-  lxc_remote config set oidc: loki.auth.password bar3
-
-  # Reset the trust password to prevent side effects.
-  lxc config set core.trust_password foo
+  lxc_remote config set oidc: loki.auth.password bar2
 
   lxc auth group permission remove test-group server can_edit
   lxc config unset loki.auth.password

diff --git a/test/suites/basic.sh b/test/suites/basic.sh
@@ -656,11 +656,9 @@ test_basic_usage() {
 
   # Test rebuilding an instance with a new image.
   lxc init c1 --empty
-  lxc remote add l1 "${LXD_ADDR}" --accept-certificate --password foo
-  lxc rebuild l1:testimage c1
+  lxc rebuild testimage c1
   lxc start c1
   lxc delete c1 -f
-  lxc remote remove l1
 
   # Test rebuilding an instance with an empty file system.
   lxc init testimage c1
@@ -680,6 +678,8 @@ test_basic_usage() {
   lxc launch testimage c2
   lxc launch testimage c3
 
+  fingerprint="$(lxc config trust ls --format csv | cut -d, -f4)"
+  lxc config trust remove "${fingerprint}"
   lxc delete -f c1 c2 c3
   remaining_instances="$(lxc list --format csv)"
   [ -z "${remaining_instances}" ]
-Original file line number
+Diff line change
@@ Expand Up / @@ -60,8 +60,6 @@ spawn_lxd() { @@
             done
         fi
-        echo "==> Setting trust password"
-        LXD_DIR="${lxddir}" lxc config set core.trust_password foo
         if [ -n "${DEBUG:-}" ]; then
             set -x
         fi
@@ Expand Down @@