rpms/cloud-init
8
1
Fork 1
Code Issues Pull Requests Releases Activity

Merge branch 'f25'

Browse Source 
Conflicts:
	cloud-init-0.7.8-before-nm.patch
	cloud-init.spec
This commit is contained in:
Garrett Holmstrom 2017-03-14 15:56:51 -07:00
commit cb80d7a5f6
3 changed files with 94 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cloud-init-0.7.8-before-network-target.patch Normal file
View File

@ -0,0 +1,14 @@
Index: cloud-init-0.7.8/systemd/cloud-init.service
===================================================================
--- cloud-init-0.7.8.orig/systemd/cloud-init.service
+++ cloud-init-0.7.8/systemd/cloud-init.service
@@ -1,8 +1,7 @@
[Unit]
Description=Initial cloud-init job (metadata service crawler)
-After=cloud-init-local.service networking.service
+After=cloud-init-local.service network.service NetworkManager.service
Before=network-online.target sshd.service sshd-keygen.service systemd-user-sessions.service
-Requires=networking.service
Wants=local-fs.target cloud-init-local.service sshd.service sshd-keygen.service
[Service]

68
cloud-init-0.7.9-credcache.patch Normal file
View File

@ -0,0 +1,68 @@
Index: cloud-init-0.7.9/cloudinit/ec2_utils.py
===================================================================
--- cloud-init-0.7.9.orig/cloudinit/ec2_utils.py
+++ cloud-init-0.7.9/cloudinit/ec2_utils.py
@@ -82,6 +82,9 @@ class MetadataMaterializer(object):
field_name = get_name(field)
if not field or not field_name:
continue
+ # Don't materialize credentials
+ if field_name == 'security-credentials':
+ continue
if has_children(field):
if field_name not in children:
children.append(field_name)
Index: cloud-init-0.7.9/tests/unittests/test_ec2_util.py
===================================================================
--- cloud-init-0.7.9.orig/tests/unittests/test_ec2_util.py
+++ cloud-init-0.7.9/tests/unittests/test_ec2_util.py
@@ -140,4 +140,49 @@ class TestEc2Util(helpers.HttprettyTestC
self.assertEqual(bdm['ami'], 'sdb')
self.assertEqual(bdm['ephemeral0'], 'sdc')
+ @hp.activate
+ def test_metadata_no_security_credentials(self):
+ base_url = 'http://169.254.169.254/%s/meta-data/' % (self.VERSION)
+ hp.register_uri(hp.GET, base_url, status=200,
+ body="\n".join(['instance-id',
+ 'iam/']))
+ hp.register_uri(hp.GET, uh.combine_url(base_url, 'instance-id'),
+ status=200, body='i-0123451689abcdef0')
+ hp.register_uri(hp.GET,
+ uh.combine_url(base_url, 'iam/'),
+ status=200,
+ body="\n".join(['info/', 'security-credentials/']))
+ hp.register_uri(hp.GET,
+ uh.combine_url(base_url, 'iam/info/'),
+ status=200,
+ body='LastUpdated')
+ hp.register_uri(hp.GET,
+ uh.combine_url(base_url, 'iam/info/LastUpdated'),
+ status=200, body='2016-10-27T17:29:39Z')
+ hp.register_uri(hp.GET,
+ uh.combine_url(base_url, 'iam/security-credentials/'),
+ status=200,
+ body='ReadOnly/')
+ hp.register_uri(hp.GET,
+ uh.combine_url(base_url,
+ 'iam/security-credentials/ReadOnly/'),
+ status=200,
+ body="\n".join(['LastUpdated', 'Expiration']))
+ hp.register_uri(hp.GET,
+ uh.combine_url(
+ base_url,
+ 'iam/security-credentials/ReadOnly/LastUpdated'),
+ status=200, body='2016-10-27T17:28:17Z')
+ hp.register_uri(hp.GET,
+ uh.combine_url(
+ base_url,
+ 'iam/security-credentials/ReadOnly/Expiration'),
+ status=200, body='2016-10-28T00:00:34Z')
+ md = eu.get_instance_metadata(self.VERSION, retries=0, timeout=0.1)
+ self.assertEqual(md['instance-id'], 'i-0123451689abcdef0')
+ iam = md['iam']
+ self.assertEqual(1, len(iam))
+ self.assertEqual(iam['info']['LastUpdated'], '2016-10-27T17:29:39Z')
+ self.assertNotIn('security-credentials', iam)
+
# vi: ts=4 expandtab

19
cloud-init.spec
View File

@ -73,6 +73,11 @@ Patch17: cloud-init-0.7.9-ipv6-gateway.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1400249 # https://bugzilla.redhat.com/show_bug.cgi?id=1400249
Patch18: cloud-init-0.7.9-before-network-target.patch Patch18: cloud-init-0.7.9-before-network-target.patch
# Do not cache IAM instance profile credentials on disk
# https://bugs.launchpad.net/cloud-init/+bug/1638312
# https://git.launchpad.net/cloud-init/commit/?id=b71592ce0e0a9f9f9f225315015ca57b312ad30d
Patch19: cloud-init-0.7.9-credcache.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(systemd)
@ -83,7 +88,8 @@ BuildRequires: systemd
# For tests # For tests
BuildRequires: iproute BuildRequires: iproute
BuildRequires: python3-configobj BuildRequires: python3-configobj
BuildRequires: python3-httpretty # https://bugzilla.redhat.com/show_bug.cgi?id=1417029
BuildRequires: python3-httpretty >= 0.8.14-2
BuildRequires: python3-jinja2 BuildRequires: python3-jinja2
BuildRequires: python3-jsonpatch BuildRequires: python3-jsonpatch
BuildRequires: python3-mock BuildRequires: python3-mock
@ -159,12 +165,7 @@ cp -p tools/21-cloudinit.conf $RPM_BUILD_ROOT/%{_sysconfdir}/rsyslog.d/21-cloudi
%check %check
# python-httpretty-0.8.14 broke several GCE tests nosetests-%{python3_version} tests/unittests/
# https://github.com/gabrielfalcao/HTTPretty/issues/316
nosetests-%{python3_version} tests/unittests/ \
-e test_instance_level_keys_replace_project_level_keys \
-e test_instance_level_ssh_keys_are_used \
-e test_metadata_encoding
%post %post
@ -217,6 +218,10 @@ nosetests-%{python3_version} tests/unittests/ \
- Fixed IPv6 gateways in network sysconfig [LP:1669504] - Fixed IPv6 gateways in network sysconfig [LP:1669504]
- Ordered cloud-init.service after network.service and NetworkManager.service [RH:1400249] - Ordered cloud-init.service after network.service and NetworkManager.service [RH:1400249]
* Tue Mar 14 2017 Garrett Holmstrom <gholms@fedoraproject.org> - 0.7.8-5
- Ordered cloud-init.service after network.service and NetworkManager.service [RH:1400249]
- Stopped caching IAM instance profile credentials on disk [LP:1638312]
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.9-3 * Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild