Some invocations to external programs used exec.CombinedOutput, that
combines stdout and strerr into a single byte array. This can be an
issue if this output is parsed, as many programs print debug output or
warnings to stderr and that data is unexpected by the parsers. This
patch changes to using osutil.RunSplitOutput or osutil.RunCmd (that
return separately stdout and stderr) when we need to parse stdout, and
also in some other cases when printing separately both streams could
be helpful. Fixes LP #1885597.
Replace ioutil.WriteFile with os.WriteFile since the former has been
deprecated since go1.16 and simply calls the latter.
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
This commit changes the tests to use the string
`/run/mnt/ubuntu-data/system-data` instead of using
`boot.InstallHostWritableDir`. There are two reasons for
this:
a) The tests are more explicit this way
b) A followup will change this string to a function and
the tests should still validate that the string value
has not changed
Fwiw, this change is auto-generated via:
```
$ git grep -l boot.InstallHostWritableDir | grep _test.go | xargs sed -i 's#boot.InstallHostWritableDir#filepath.Join(dirs.GlobalRootDir, "/run/mnt/ubuntu-data/system-data")#'
```
This commit replaces the use of "sanity" with more inclusive
naming.
When `sanity` is used in a more general sense either `validity`
or `quick` is used.
The cloud-init filtering writes a bunch of files into /tmp that
are not removed. So avoid cluttering /tmp on the hosts when
unit tests are run this commit sets TMPDIR to the unit test
tmpdir so that it's properly cleaned up.
With grade dangerous we don't want to install the datasource restriction file,
so only install it if we installed files and if we are filtering those files.
In the case where we are filtering files but there are no files to install, we
will already not create the file, but if we are filtering and we try to install
some files but they all get filtered out, then we will not install a datasource
restriction file because nothing untrusted from ubuntu-seed was installed, only
files from the gadget which are never filtered but are trusted.
Also remove a redundant test case now that it is reflected in the bigger test
case table.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
Cloud-init itself only considers .cfg files in the cloud-init.cfg.d directory,
so we should only consider files with .cfg file extension in the ubuntu-seed
directory.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This actually works in Go to return an unexported type and be able to use it's
exported fields, but wasn't the intention at all since we do actually export a
type alias for testing of the unexported type.
Thanks to Samuele for spotting this.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This function is the directory analogue of cloudDatasourcesInUse, and takes
into account the fact that a collection of config files coming from the same
dir will be processed by cloud-init "together" with lexically later files
overwriting settings of lexically earlier files.
This is necessary for full MAAS support with cloud-init on grade signed
systems.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
For the error case we should only concern ourselves with checking if the output
is "status: error", anything else should not be handled with the switch case,
as that could obscure the non-zero exit status with returning an otherwise
valid status. In other words, if cloud-init status returns "status: enabled"
but exits with non-zero exit code, we still want to return CloudInitErrored.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
When cloud-init is actually in error condition, it will exit with a non-zero
status code. We previously had been assuming that this condition would have a
zero exit code, so the code would end up returning a non-nil err which in
devicestate would lead to devicestate never attempting to restrict cloud-init
and never disabling it either, thus effectively leaving the entire machinery
around force disabling cloud-init after 3 minutes if it was in error never to
be executed.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
This will filter out the config we allow on ubuntu-seed to a subset of
cloud-init configuration.
Currently, this just allows configuration as required by MAAS to setup a device
with cloud-init, but this could be expanded in the future.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
We previously would just create a list with the duplicated names in it, which
didn't break anything but may be confusing for some other bits of code later
on. Instead trim out duplicates using a map instead of appending directly into
the resultant list.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
In a future commit, we will use the result of measuring the datasource settings
for the cloud-init config from the gadget, but for now just introduce the
machinery to read it.
Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
