network: drop logic to split out wifi config

In commit 9ecc4060b (PR #1911), we changed the permissions of the written netplan config files to be stricter but still retained the logic to separate out the wifi information. Since these both are likely to contain secrets and also have the same permissions, we can keep the config merged.
2024-05-07 13:52:19 -07:00 · 2024-05-07 13:52:19 -07:00 · 45d0c7ab87
parent c6a1b583de
commit 45d0c7ab87
2 changed files with 11 additions and 23 deletions
--- a/subiquity/models/network.py
+++ b/subiquity/models/network.py
@ -38,13 +38,6 @@ class NetworkModel(CoreNetworkModel):

    def render(self):
        netplan = self.render_config()
-        # We write the wifi config -- which almost certainly contains secrets --
-        # to a separate file since it's possible the default file may
-        # be shared (e.g., via apport for a bug report) and we don't want to
-        # leak them. This isn't a perfect solution because in principle there
-        # could be wired 802.1x stuff that has secrets too, but the subiquity
-        # UI does not support any of that yet so this will do for now.
-
        # If host cloud-init version has no readable combined-cloud-config,
        # default to False.
        cloud_cfg = cloudinit.get_host_combined_cloud_config()
@ -63,8 +56,6 @@ class NetworkModel(CoreNetworkModel):
                }
            }
        else:
-            # Separate sensitive wifi config from potentially shared config
-            wifis = netplan["network"].pop("wifis", None)
            r = {
                "write_files": {
                    # Disable cloud-init networking
@ -76,7 +67,6 @@ class NetworkModel(CoreNetworkModel):
                        "content": "network: {config: disabled}\n",
                        "permissions": "0600",
                    },
-                    # netplan without sensitive wifi config
                    "etc_netplan_installer": {
                        "path": "etc/netplan/00-installer-config.yaml",
                        "content": self.stringify_config(netplan),
@ -84,19 +74,6 @@ class NetworkModel(CoreNetworkModel):
                    },
                },
            }
-            if wifis is not None:
-                netplan_wifi = {
-                    "network": {
-                        "version": 2,
-                        "wifis": wifis,
-                    },
-                }
-                # sensitive wifi config
-                r["write_files"]["etc_netplan_installer_wifi"] = {
-                    "path": "etc/netplan/00-installer-config-wifi.yaml",
-                    "content": self.stringify_config(netplan_wifi),
-                    "permissions": "0600",
-                }
        return r

    async def target_packages(self) -> List[TargetPkg]:
--- a/subiquity/models/tests/test_network.py
+++ b/subiquity/models/tests/test_network.py
@ -52,3 +52,14 @@ class TestNetworkModel(unittest.IsolatedAsyncioTestCase):
        config = self.model.render()
        for file in config["write_files"].values():
            self.assertEqual(file["permissions"], "0600")
+
+    async def test_netplan_wifi_combined(self):
+        """Assert the wifi config is not written separately."""
+
+        mock_config = {"network": {"wifis": "data"}}
+        self.model.render_config = mock.Mock(return_value=mock_config)
+
+        config = self.model.render()
+        self.assertIn(
+            "wifis", config["write_files"]["etc_netplan_installer"]["content"]
+        )