Hello community, here is the log from the commit of package crmsh for openSUSE:Factory checked in at 2020-09-22 21:12:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/crmsh (Old) and /work/SRC/openSUSE:Factory/.crmsh.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "crmsh" Tue Sep 22 21:12:52 2020 rev:193 rq:835959 version:4.2.0+git.1600742357.6be225e5 Changes: -------- --- /work/SRC/openSUSE:Factory/crmsh/crmsh.changes 2020-09-12 00:10:42.221110285 +0200 +++ /work/SRC/openSUSE:Factory/.crmsh.new.4249/crmsh.changes 2020-09-22 21:13:29.928051062 +0200 @@ -1,0 +2,8 @@ +Tue Sep 22 02:54:36 UTC 2020 - [email protected] + +- Update to version 4.2.0+git.1600742357.6be225e5: + * Low: config: Try to handle configparser.MissingSectionHeaderError while reading config file + * Dev: behave: functional test for obscure sensitive data by default + * Medium: ui_configure: Obscure sensitive data by default(bsc#1163581) + +------------------------------------------------------------------- Old: ---- crmsh-4.2.0+git.1599810948.3db12a7a.tar.bz2 New: ---- crmsh-4.2.0+git.1600742357.6be225e5.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ crmsh.spec ++++++ --- /var/tmp/diff_new_pack.knANL0/_old 2020-09-22 21:13:30.876051892 +0200 +++ /var/tmp/diff_new_pack.knANL0/_new 2020-09-22 21:13:30.880051895 +0200 @@ -36,7 +36,7 @@ Summary: High Availability cluster command-line interface License: GPL-2.0-or-later Group: %{pkg_group} -Version: 4.2.0+git.1599810948.3db12a7a +Version: 4.2.0+git.1600742357.6be225e5 Release: 0 Url: http://crmsh.github.io Source0: %{name}-%{version}.tar.bz2 ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.knANL0/_old 2020-09-22 21:13:30.928051937 +0200 +++ /var/tmp/diff_new_pack.knANL0/_new 2020-09-22 21:13:30.928051937 +0200 @@ -5,4 +5,4 @@ <param name="url">https://github.com/liangxin1300/crmsh.git</param> <param name="changesrevision">d8dc51b4cb34964aa72e918999ebc7f03b48f3c9</param></service><service name="tar_scm"> <param name="url">https://github.com/ClusterLabs/crmsh.git</param> - <param name="changesrevision">78b300261b5edb0b0b85703acc2fe3b67df95b33</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">6be225e5a9e397eaab21e063693d87a854d1d170</param></service></servicedata> \ No newline at end of file ++++++ crmsh-4.2.0+git.1599810948.3db12a7a.tar.bz2 -> crmsh-4.2.0+git.1600742357.6be225e5.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/.travis.yml new/crmsh-4.2.0+git.1600742357.6be225e5/.travis.yml --- old/crmsh-4.2.0+git.1599810948.3db12a7a/.travis.yml 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/.travis.yml 2020-09-22 04:39:17.000000000 +0200 @@ -78,6 +78,12 @@ script: - $FUNCTIONAL_TEST resource run + - name: "functional test for configure sublevel bugs" + before_install: + - $FUNCTIONAL_TEST configure before_install + script: + - $FUNCTIONAL_TEST configure run bugs + - name: "functional test for geo cluster" before_install: - $FUNCTIONAL_TEST geo before_install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/crm.conf.in new/crmsh-4.2.0+git.1600742357.6be225e5/crm.conf.in --- old/crmsh-4.2.0+git.1599810948.3db12a7a/crm.conf.in 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/crm.conf.in 2020-09-22 04:39:17.000000000 +0200 @@ -20,6 +20,22 @@ ; ignore_missing_metadata = no ; report_tool_options = +; obscure_pattern option is the persisent configuration of CLI. +; Example, for the high security concern, obscure_pattern = passw* | ip +; which makes `crm configure show` is equal to +; +; node-1:~ # crm configure show obscure:passw* obscure:ip +; node 1084783297: node1 +; primitive fence_device stonith:fence_ilo5 \ +; params password="******" +; primitive ip IPaddr2 \ +; params ip="******" +; +; The default option is passw* +; If you don't want to obscure, change the value to blank. +; +; obscure_pattern = passw* + [path] ; sharedir = <detected> ; cache = <detected> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/crmsh/config.py new/crmsh-4.2.0+git.1600742357.6be225e5/crmsh/config.py --- old/crmsh-4.2.0+git.1599810948.3db12a7a/crmsh/config.py 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/crmsh/config.py 2020-09-22 04:39:17.000000000 +0200 @@ -238,7 +238,8 @@ 'dotty': opt_program('', ('dotty',)), 'dot': opt_program('', ('dot',)), 'ignore_missing_metadata': opt_boolean('no'), - 'report_tool_options': opt_string('') + 'report_tool_options': opt_string(''), + 'obscure_pattern': opt_string('passw*') }, 'path': { 'sharedir': opt_dir('%(datadir)s/crmsh'), @@ -303,6 +304,17 @@ self._systemwide = None self._user = None + def _safe_read(self, config_parser_inst, file_list): + """ + Try to handle configparser.MissingSectionHeaderError while reading + """ + from . import utils + try: + config_parser_inst.read(file_list) + except configparser.MissingSectionHeaderError: + with utils.disable_exception_traceback(): + raise + def load(self): self._defaults = configparser.ConfigParser() for section, keys in DEFAULTS.items(): @@ -312,14 +324,14 @@ if os.path.isfile(_SYSTEMWIDE): self._systemwide = configparser.ConfigParser() - self._systemwide.read([_SYSTEMWIDE]) + self._safe_read(self._systemwide, [_SYSTEMWIDE]) # for backwards compatibility with <=2.1.1 due to ridiculous bug elif os.path.isfile("/etc/crm/crmsh.conf"): self._systemwide = configparser.ConfigParser() - self._systemwide.read(["/etc/crm/crmsh.conf"]) + self._safe_read(self._systemwide, ["/etc/crm/crmsh.conf"]) if os.path.isfile(_PERUSER): self._user = configparser.ConfigParser() - self._user.read([_PERUSER]) + self._safe_read(self._user, [_PERUSER]) def save(self): if self._user: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/crmsh/ui_configure.py new/crmsh-4.2.0+git.1600742357.6be225e5/crmsh/ui_configure.py --- old/crmsh-4.2.0+git.1599810948.3db12a7a/crmsh/ui_configure.py 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/crmsh/ui_configure.py 2020-09-22 04:39:17.000000000 +0200 @@ -2,6 +2,7 @@ # Copyright (C) 2013 Kristoffer Gronlund <[email protected]> # See COPYING for license information. +import re import time from . import command from . import completers as compl @@ -550,6 +551,12 @@ "usage: show [xml] [<id>...]" from .utils import obscure osargs = [arg[8:] for arg in args if arg.startswith('obscure:')] + if not osargs and config.core.obscure_pattern: + # obscure_pattern could be + # 1. "pattern1 pattern2 pattern3" + # 2. "pattern1|pattern2|pattern3" + # regrex here also filter out possible spaces + osargs = re.split('\s*\|\s*|\s+', config.core.obscure_pattern.strip('|')) args = [arg for arg in args if not arg.startswith('obscure:')] with obscure(osargs): set_obj = mkset_obj(*args) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/crmsh/utils.py new/crmsh-4.2.0+git.1600742357.6be225e5/crmsh/utils.py --- old/crmsh-4.2.0+git.1599810948.3db12a7a/crmsh/utils.py 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/crmsh/utils.py 2020-09-22 04:39:17.000000000 +0200 @@ -2540,4 +2540,15 @@ # check on local rc, _ = get_stdout(cmd) return rc == 0 + + +@contextmanager +def disable_exception_traceback(): + """ + All traceback information is suppressed and only the exception type and value are printed + """ + default_value = getattr(sys, "tracebacklimit", 1000) # `1000` is a Python's default value + sys.tracebacklimit = 0 + yield + sys.tracebacklimit = default_value # revert changes # vim:ts=4:sw=4:et: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/data-manifest new/crmsh-4.2.0+git.1600742357.6be225e5/data-manifest --- old/crmsh-4.2.0+git.1599810948.3db12a7a/data-manifest 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/data-manifest 2020-09-22 04:39:17.000000000 +0200 @@ -69,6 +69,7 @@ test/features/bootstrap_init_join_remove.feature test/features/bootstrap_options.feature test/features/bootstrap_sbd.feature +test/features/configure_bugs.feature test/features/environment.py test/features/geo_setup.feature test/features/hb_report_bugs.feature diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/doc/crm.8.adoc new/crmsh-4.2.0+git.1600742357.6be225e5/doc/crm.8.adoc --- old/crmsh-4.2.0+git.1599810948.3db12a7a/doc/crm.8.adoc 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/doc/crm.8.adoc 2020-09-22 04:39:17.000000000 +0200 @@ -4208,6 +4208,24 @@ sensitive information. The +<glob>+ argument is a bash-style pattern matching attribute keys. +In +/etc/crm/crm.conf+, +obscure_pattern+ option is the persisent configuration of CLI. +Example, for the high security concern, +............... +[core] +obscure_pattern = passw* | ip +............... +Which makes +crm configure show+ is equal to +............... +node-1:~ # crm configure show obscure:passw* obscure:ip +node 1084783297: node1 +primitive fence_device stonith:fence_ilo5 \ + params password="******" +primitive ip IPaddr2 \ + params ip="******" +............... +The default suggestion is +passw*+ +If you don't want to obscure, change the value to blank. + Usage: ............... show [xml] [<id> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/test/features/configure_bugs.feature new/crmsh-4.2.0+git.1600742357.6be225e5/test/features/configure_bugs.feature --- old/crmsh-4.2.0+git.1599810948.3db12a7a/test/features/configure_bugs.feature 1970-01-01 01:00:00.000000000 +0100 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/test/features/configure_bugs.feature 2020-09-22 04:39:17.000000000 +0200 @@ -0,0 +1,34 @@ +@configure +Feature: Functional test for configure sub level + + Tag @clean means need to stop cluster service if the service is available + + @clean + Scenario: Replace sensitive data by default(bsc#1163581) + Given Cluster service is "stopped" on "hanode1" + And Cluster service is "stopped" on "hanode2" + When Run "crm cluster init -y" on "hanode1" + Then Cluster service is "started" on "hanode1" + When Run "crm cluster join -c hanode1 -y" on "hanode2" + Then Cluster service is "started" on "hanode2" + And Online nodes are "hanode1 hanode2" + + # mask password by default + When Run "crm node utilization hanode1 set password qwertyui" on "hanode1" + When Try "crm configure show|grep password|grep qwertyui" + Then Expected return code is "1" + And Show crm configure + + # mask password and ip address + When Run "crm configure primitive ip2 IPaddr2 params ip=10.10.10.124" on "hanode1" + And Run "sed -i 's/; \[core\]/[core]/' /etc/crm/crm.conf" on "hanode1" + And Run "sed -i 's/; obscure_pattern = .*$/obscure_pattern = passw*|ip/g' /etc/crm/crm.conf" on "hanode1" + And Try "crm configure show|grep -E "10.10.10.124|qwertyui"" + Then Expected return code is "1" + And Show crm configure + + # mask password and ip address with another pattern + When Run "sed -i 's/obscure_pattern = .*$/obscure_pattern = passw* ip/g' /etc/crm/crm.conf" on "hanode1" + And Try "crm configure show|grep -E "10.10.10.124|qwertyui"" + Then Expected return code is "1" + And Show crm configure diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/test/features/steps/step_implenment.py new/crmsh-4.2.0+git.1600742357.6be225e5/test/features/steps/step_implenment.py --- old/crmsh-4.2.0+git.1599810948.3db12a7a/test/features/steps/step_implenment.py 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/test/features/steps/step_implenment.py 2020-09-22 04:39:17.000000000 +0200 @@ -171,6 +171,13 @@ context.logger.info("\n{}".format(out)) +@then('Show crm configure') +def step_impl(context): + _, out = run_command(context, 'crm configure show') + if out: + context.logger.info("\n{}".format(out)) + + @then('Show status from qnetd') def step_impl(context): _, out = run_command(context, 'crm corosync status qnetd') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/crmsh-4.2.0+git.1599810948.3db12a7a/test/run-in-travis.sh new/crmsh-4.2.0+git.1600742357.6be225e5/test/run-in-travis.sh --- old/crmsh-4.2.0+git.1599810948.3db12a7a/test/run-in-travis.sh 2020-09-11 09:55:48.000000000 +0200 +++ new/crmsh-4.2.0+git.1600742357.6be225e5/test/run-in-travis.sh 2020-09-22 04:39:17.000000000 +0200 @@ -8,6 +8,7 @@ make_install() { echo "** Make / Install" make install + make install-crmconfDATA prefix= } regression_tests() { @@ -26,7 +27,7 @@ configure make_install exit $?;; - bootstrap|qdevice|hb_report|resource|geo) + bootstrap|qdevice|hb_report|resource|geo|configure) functional_tests $1 $2 exit $?;; *)
