From 45d0c7ab87f8dea4b0b18b227d6b894794bfa46f Mon Sep 17 00:00:00 2001
From: Chris Peterson
Date: Tue, 7 May 2024 13:52:19 -0700
Subject: [PATCH] network: drop logic to split out wifi config

In commit 9ecc4060b (PR #1911), we changed the permissions of the written netplan config files to be stricter but still retained the logic to separate out the wifi information. Since these both are likely to contain secrets and also have the same permissions, we can keep the config merged.
---
 subiquity/models/network.py | 23 -----------------------
 subiquity/models/tests/test_network.py | 11 +++++++++++
 2 files changed, 11 insertions(+), 23 deletions(-)

diff --git a/subiquity/models/network.py b/subiquity/models/network.py
index f536673e..d1d4fa60 100644
--- a/subiquity/models/network.py
+++ b/subiquity/models/network.py
@@ -38,13 +38,6 @@ class NetworkModel(CoreNetworkModel):

 def render(self):
 netplan = self.render_config()
- # We write the wifi config -- which almost certainly contains secrets --
- # to a separate file since it's possible the default file may
- # be shared (e.g., via apport for a bug report) and we don't want to
- # leak them. This isn't a perfect solution because in principle there
- # could be wired 802.1x stuff that has secrets too, but the subiquity
- # UI does not support any of that yet so this will do for now.
-
 # If host cloud-init version has no readable combined-cloud-config,
 # default to False.
 cloud_cfg = cloudinit.get_host_combined_cloud_config()
@@ -63,8 +56,6 @@ class NetworkModel(CoreNetworkModel):
 }
 }
 else:
- # Separate sensitive wifi config from potentially shared config
- wifis = netplan["network"].pop("wifis", None)
 r = {
 "write_files": {
 # Disable cloud-init networking
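Review bot: Dropping `wifis = netplan["network"].pop("wifis", None)` in the else branch means `etc/netplan/00-installer-config.yaml` now carries the wifi credentials. The rationale comment removed at the top of `render()` named a disclosure path, the default file being shared in a bug report (e.g. via apport), which the `0600` mode alone may not close, since a collector running with root privileges could still read the file. Whether any apport hook or other collector still attaches this path is not visible in this patch, so that is worth confirming before relying on permissions as the only control. I would replace the removed `# netplan without sensitive wifi config` comment on the `etc_netplan_installer` entry (next hunk) with `# may contain wifi secrets: keep 0600 and never attach to bug reports`. `render()` starts and ends outside this hunk.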
@@ -76,7 +67,6 @@ class NetworkModel(CoreNetworkModel):
 "content": "network: {config: disabled}\n",
 "permissions": "0600",
 },
- # netplan without sensitive wifi config
 "etc_netplan_installer": {
 "path": "etc/netplan/00-installer-config.yaml",
 "content": self.stringify_config(netplan),
@@ -84,19 +74,6 @@ class NetworkModel(CoreNetworkModel):
 },
 },
 }
- if wifis is not None:
- netplan_wifi = {
- "network": {
- "version": 2,
- "wifis": wifis,
- },
- }
- # sensitive wifi config
- r["write_files"]["etc_netplan_installer_wifi"] = {
- "path": "etc/netplan/00-installer-config-wifi.yaml",
- "content": self.stringify_config(netplan_wifi),
- "permissions": "0600",
- }
 return r

 async def target_packages(self) -> List[TargetPkg]:
diff --git a/subiquity/models/tests/test_network.py b/subiquity/models/tests/test_network.py
index bd3a10b7..dc26b9c2 100644
--- a/subiquity/models/tests/test_network.py
+++ b/subiquity/models/tests/test_network.py
@@ -52,3 +52,14 @@ class TestNetworkModel(unittest.IsolatedAsyncioTestCase):
 config = self.model.render()
 for file in config["write_files"].values():
 self.assertEqual(file["permissions"], "0600")
+
+ async def test_netplan_wifi_combined(self):
+ """Assert the wifi config is not written separately."""
+
+ mock_config = {"network": {"wifis": "data"}}
+ self.model.render_config = mock.Mock(return_value=mock_config)
+
+ config = self.model.render()
+ self.assertIn(
+ "wifis", config["write_files"]["etc_netplan_installer"]["content"]
+ )
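Review bot: `test_netplan_wifi_combined` only checks that the string `"wifis"` appears in the merged content, so it would still pass if a separate wifi file were written as well, which is the regression its docstring says it guards against. Add `self.assertNotIn("etc_netplan_installer_wifi", config["write_files"])` after the `assertIn`. `render()` also calls `cloudinit.get_host_combined_cloud_config()`, which this test does not mock, so the branch taken may depend on the host unless the class setup outside this hunk already pins it. If it does not, the `["etc_netplan_installer"]` lookup relies on both branches using that key, which is not visible here.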