<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-cloud-init.git/tests/integration_tests/modules/test_set_password.py, branch rolling</title>
<subtitle> (mirror of https://github.com/vyos/vyos-cloud-init.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-cloud-init.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-cloud-init.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/'/>
<updated>2022-02-14T15:51:03+00:00</updated>
<entry>
<title>tests: when generating crypted password, generate in target env (#1252)</title>
<updated>2022-02-14T15:51:03+00:00</updated>
<author>
<name>Chad Smith</name>
<email>chad.smith@canonical.com</email>
</author>
<published>2022-02-14T15:51:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=17818549b3dda58a907ef44ed7de9f837ad66c3c'/>
<id>urn:sha1:17818549b3dda58a907ef44ed7de9f837ad66c3c</id>
<content type='text'>
There are inconsistencies for cryptographic libraries across
major distribution releases.

From a bionic host, which doesn't support yescrypt hashing scheme,
attempting run run crypt.crypt locally using a yescrypt hash
from a Jammmy /etc/shadow file will result in failure to produce an
encrypted password. For "unsupported" hash schemes, crypt.crypt
returns None.

To avoid inconsistencies of python cryptographic libs across Linux
releases, perform the password encryption on the system under test.</content>
</entry>
<entry>
<title>Adopt Black and isort (SC-700) (#1157)</title>
<updated>2021-12-16T02:16:38+00:00</updated>
<author>
<name>James Falcon</name>
<email>james.falcon@canonical.com</email>
</author>
<published>2021-12-16T02:16:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf'/>
<id>urn:sha1:bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf</id>
<content type='text'>
Applied Black and isort, fixed any linting issues, updated tox.ini
and CI.
</content>
</entry>
<entry>
<title>Integration test upgrades for the 21.3-1 SRU (#1001)</title>
<updated>2021-09-15T15:44:26+00:00</updated>
<author>
<name>James Falcon</name>
<email>therealfalcon@gmail.com</email>
</author>
<published>2021-09-15T15:44:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=023f97d4e64c267b8bd809510b3fc75fcb9da688'/>
<id>urn:sha1:023f97d4e64c267b8bd809510b3fc75fcb9da688</id>
<content type='text'>
* Update test_combined.py to allow either valid LXD subplatform
* Split jinja templated tests into separate module as they can be more
  fragile
* Move checks for warnings and tracebacks into dedicated utility
  function. This allows us to work around persistent and expected
  tracebacks/warnings on particular clouds.
* Update test_upgrade.py to allow either valid Azure datasource.
  /var/lib/waagent or a mounted device are both valid.
* Add specificity to test_ntp_servers.py
  Clouds will often specify their own ntp servers in the ntp
  configuration files, so make the tests manually specify their own.
* Account for additional keys on system in test_ssh_keysfiles.py
* Update tests to account for invalid cache
  test_user_events.py and test_version_change.py both have tests that
  assume we will have valid ds cache when rebooting.
  In test_user_events.py, subsequent boots should block applying
  network on boot if boot event is denied. However, if the cache is
  invalid, it is valid to apply networking config that boot.
  In test_version_change.py no cache found won't trigger the expected
  debug log. Additionally, the pickle used for that test on an older
  release triggered an unexpected issue that took a different error
  path.
* Ignore bionic in hotplug tests (LP: #1942247)
  On Bionic, we traceback when attempting to detect the hotplugged
  device in the updated metadata. This is because Bionic is
  specifically configured not to provide network metadata.
  See LP: #1942247 for more details.
* Fix date used in test_final_message.
  In test_final_message, we ensured the variable substitution works as
  expected. For $timestamp, we compared against the current date. It's
  possible for the host date to be massively different from the client
  date, so obtain date on client rather than host.
* Remove module success from lp1813396 test. Module may fail
  unrelatedly (in this case apt-get update is failing), but the test
  should still pass.
* Skip testing events if network is disabled
* Ensure we install expected version of cloud-init
  As part of test setup, we can install cloud-init from various
  sources, including PROPOSED, PPAs, etc. We were never checking that
  this install completes successfully, and on OCI, it wasn't
  completing successfully because of apt locking issues. Code has
  been updated to retry, and then fail loudly if we can't complete the
  install.
* Remove ubuntu-azure-fips metapkg which mandates FIPS-flavour kernel
  In test_lp1835584.py
* Update test_user_events.py to account for Azure behavior
  since Azure has a separate service to clear the pickled metadata
  every boot
* Change failure to warning in test_upgrade.py if initial boot errors
  If there's already a pre-existing cause for warnings or tracebacks,
  that shouldn't cause the new version to fail.
* Add retry to test_random_passwords_emitted_to_serial_console
  It's possible we haven't retrieved the entire log when the call returns,
  so retry a few times if the output isn't empty.</content>
</entry>
<entry>
<title>write passwords only to serial console, lock down cloud-init-output.log (#847)</title>
<updated>2021-03-19T14:06:42+00:00</updated>
<author>
<name>Daniel Watkins</name>
<email>oddbloke@ubuntu.com</email>
</author>
<published>2021-03-19T14:06:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=b794d426b9ab43ea9d6371477466070d86e10668'/>
<id>urn:sha1:b794d426b9ab43ea9d6371477466070d86e10668</id>
<content type='text'>
Prior to this commit, when a user specified configuration which would
generate random passwords for users, cloud-init would cause those
passwords to be written to the serial console by emitting them on
stderr.  In the default configuration, any stdout or stderr emitted by
cloud-init is also written to `/var/log/cloud-init-output.log`.  This
file is world-readable, meaning that those randomly-generated passwords
were available to be read by any user with access to the system.  This
presents an obvious security issue.

This commit responds to this issue in two ways:

* We address the direct issue by moving from writing the passwords to
  sys.stderr to writing them directly to /dev/console (via
  util.multi_log); this means that the passwords will never end up in
  cloud-init-output.log
* To avoid future issues like this, we also modify the logging code so
  that any files created in a log sink subprocess will only be
  owner/group readable and, if it exists, will be owned by the adm
  group.  This results in `/var/log/cloud-init-output.log` no longer
  being world-readable, meaning that if there are other parts of the
  codebase that are emitting sensitive data intended for the serial
  console, that data is no longer available to all users of the system.

LP: #1918303</content>
</entry>
<entry>
<title>only run a subset of integration tests in CI (#672)</title>
<updated>2020-11-18T14:48:47+00:00</updated>
<author>
<name>Daniel Watkins</name>
<email>oddbloke@ubuntu.com</email>
</author>
<published>2020-11-18T14:48:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=cd752df6154c403e6dccaf5e797c1d4f8396f756'/>
<id>urn:sha1:cd752df6154c403e6dccaf5e797c1d4f8396f756</id>
<content type='text'>
This introduces the "ci" mark, used to indicate a test which should run
as part of our CI integration testing run and the integration-tests-ci
tox environment, which runs only those tests. Travis has been adjusted
to use this tox environment.

(All current module tests have been marked with the "ci" mark, but the
one bug test that we have has not.)</content>
</entry>
<entry>
<title>integration_tests: implement citest tests run in Travis (#605)</title>
<updated>2020-10-16T14:22:50+00:00</updated>
<author>
<name>Daniel Watkins</name>
<email>oddbloke@ubuntu.com</email>
</author>
<published>2020-10-16T14:22:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=268fefa309c20181f18ce1081e26aa90cc0b2f85'/>
<id>urn:sha1:268fefa309c20181f18ce1081e26aa90cc0b2f85</id>
<content type='text'>
Specifically:
* `apt_configure_sources_list`
* `ntp_servers`
* `set_password_list`
* `users_groups`

Although not currently run in Travis, `set_password_list_string` was
ported over alongside `set_password_list` (as `test_set_password`).</content>
</entry>
</feed>
