Juju Lint

Merge ~gabrielcocenza/juju-lint:bug/1999263 into juju-lint:master

  1. Git
  2. lp:~gabrielcocenza/juju-lint
  3. bug/1999263
  4. Merge into master
Proposed by Gabriel Cocenza
Status: Merged
Approved by: Erhan Sunar
Approved revision: ea923140c98d70d2597d06543f644807fedb586b
Merged at revision: 3313998dfb8ea65a9f5d4e5043729beff558f598
Proposed branch: ~gabrielcocenza/juju-lint:bug/1999263
Merge into: juju-lint:master
Diff against target: 66 lines (+32/-1)
3 files modified
contrib/includes/openstack.yaml (+4/-0)
jujulint/lint.py (+0/-1)
tests/unit/test_jujulint.py (+28/-0)
Reviewer Review Type Date Requested Status
Erhan Sunar (community) Approve
Tianqi Xiao (community) Approve
🤖 prod-jenkaas-bootstack continuous-integration Approve
Martin Kalcok (community) Approve
BootStack Reviewers Pending
Gabriel Cocenza Pending
Review via email: mp+436732@code.launchpad.net

This proposal supersedes a proposal from 2023-01-20.

Commit message

Added check for nova-compute ephemeral devices config

This alerts if the nova-compute config option "ephemeral-device" is set
to /dev/sdX or /dev/vgX, to prevent ephemeral devices on landing on a
root drive.

Closes-Bug: #1999263

Description of the change

I tested the change on ps5 (ephemeral-device is set to /dev/disk/..., so it passed without error) and did some local test with only a nova-compute charm:
https://pastebin.canonical.com/p/N6qPQ8KxCG/

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote : Posted in a previous version of this proposal

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
🤖 prod-jenkaas-bootstack (prod-jenkaas-bootstack) wrote : Posted in a previous version of this proposal

PASSED: Continuous integration, rev:d974ec7f398904747589e0fa1a3e6b96b5a406a9
https://jenkins.canonical.com/bootstack/job/lp-juju-lint-ci/59/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/bootstack/job/lp-charm-test-functest/2060/
    None: https://jenkins.canonical.com/bootstack/job/lp-update-mp/1935/

Click here to trigger a rebuild:
https://jenkins.canonical.com/bootstack/job/lp-juju-lint-ci/59//rebuild

review: Approve (continuous-integration)
Revision history for this message
Erhan Sunar (esunar) : Posted in a previous version of this proposal
review: Approve
Revision history for this message
Gabriel Cocenza (gabrielcocenza) wrote : Posted in a previous version of this proposal

Hi Marcus.
Thanks for the patch. The change LGTM, but I think it would be beneficial to have a unit test checking this regex. You can take a look at the unit test code[0] to get some inspiration. Moreover, I think that a "custom-message[1]" would be beneficial for users understand the problem. A message like: "dev/sdX or/dev/vgX should not be used as ephemeral-devices because it can encrypt the root drive"

Thanks

[0]https://git.launchpad.net/juju-lint/tree/tests/unit/test_jujulint.py#n1009
[1] https://git.launchpad.net/juju-lint/tree/contrib/includes/openstack.yaml#n30

review: Needs Information
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
🤖 prod-jenkaas-bootstack (prod-jenkaas-bootstack) wrote :

PASSED: Continuous integration, rev:ac767336c90bdc045d991086e0a9246a0b70aae0
https://jenkins.canonical.com/bootstack/job/lp-juju-lint-ci/68/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/bootstack/job/lp-charm-test-functest/2170/
    None: https://jenkins.canonical.com/bootstack/job/lp-update-mp/1977/

Click here to trigger a rebuild:
https://jenkins.canonical.com/bootstack/job/lp-juju-lint-ci/68//rebuild

review: Approve (continuous-integration)
Revision history for this message
Martin Kalcok (martin-kalcok) wrote :

Please see inline comment. otherwise +1.

review: Needs Fixing
Revision history for this message
Martin Kalcok (martin-kalcok) wrote :

Fixed, thanks. +1

review: Approve
Revision history for this message
🤖 prod-jenkaas-bootstack (prod-jenkaas-bootstack) wrote :

PASSED: Continuous integration, rev:ea923140c98d70d2597d06543f644807fedb586b
https://jenkins.canonical.com/bootstack/job/lp-juju-lint-ci/69/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/bootstack/job/lp-charm-test-functest/2180/
    None: https://jenkins.canonical.com/bootstack/job/lp-update-mp/1987/

Click here to trigger a rebuild:
https://jenkins.canonical.com/bootstack/job/lp-juju-lint-ci/69//rebuild

review: Approve (continuous-integration)
Revision history for this message
Tianqi Xiao (txiao) wrote :

LGTM

review: Approve
Revision history for this message
Erhan Sunar (esunar) :
review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 3313998dfb8ea65a9f5d4e5043729beff558f598

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/contrib/includes/openstack.yaml b/contrib/includes/openstack.yaml
2index 5814fac..4f8ee2e 100644
3--- a/contrib/includes/openstack.yaml
4+++ b/contrib/includes/openstack.yaml
5@@ -29,6 +29,10 @@ openstack config base: &openstack-config-base
6 log-level: warning
7 custom-message:
8 Default 4 workers is too low for production clouds.
9+ ephemeral-device:
10+ search: "^((?!/dev/vg|/dev/sd).)*$"
11+ custom-message:
12+ dev/sdX or/dev/vgX should not be used as ephemeral-devices. See lp#1999263
13 rabbitmq-server:
14 cluster-partition-handling:
15 eq: "pause_minority"
16diff --git a/jujulint/lint.py b/jujulint/lint.py
17index 54267b2..d263feb 100755
18--- a/jujulint/lint.py
19+++ b/jujulint/lint.py
20@@ -1397,7 +1397,6 @@ class Linter:
21 input_file = input_handler(parsed_yaml, applications)
22
23 if applications in parsed_yaml:
24-
25 # Build a list of deployed charms and mapping of charms <-> applications
26 self.map_charms(parsed_yaml[applications])
27
28diff --git a/tests/unit/test_jujulint.py b/tests/unit/test_jujulint.py
29index 8970d29..c0f7c7a 100644
30--- a/tests/unit/test_jujulint.py
31+++ b/tests/unit/test_jujulint.py
32@@ -1075,6 +1075,34 @@ applications:
33 errors[0]["actual_value"] == "[[/, queue1, 10, 20], [\\*, \\*, 10, 20]]"
34 )
35
36+ @pytest.mark.parametrize(
37+ "block_device, show_error",
38+ [("/dev/vga", True), ("/dev/sda", True), ("/dev/foo", False)],
39+ )
40+ def test_config_search_ephemeral_device(
41+ self, linter, juju_status, block_device, show_error
42+ ):
43+ """Test the config ephemeral-device regex pattern."""
44+ custom_msg = (
45+ "dev/sdX or/dev/vgX should not be used as ephemeral-devices. See lp#1999263"
46+ )
47+ linter.lint_rules["config"] = {
48+ "ubuntu": {
49+ "fake_opt": {
50+ "search": "^((?!/dev/vg|/dev/sd).)*$",
51+ "custom-message": custom_msg,
52+ }
53+ }
54+ }
55+ juju_status["applications"]["ubuntu"]["options"] = {"fake_opt": block_device}
56+ linter.do_lint(juju_status)
57+ errors = linter.output_collector["errors"]
58+ if show_error:
59+ assert len(errors) == 1
60+ assert errors[0]["message"] == custom_msg
61+ else:
62+ assert len(errors) == 0
63+
64 def test_config_search_missing(self, linter, mocker):
65 """Test the config search method logs warning if the config option is missing."""
66 app_name = "ubuntu"

Subscribers

People subscribed via source and target branches