network: drop logic to split out wifi config

In commit 9ecc406 (PR canonical#1911), we changed the permissions of the written netplan config files to be stricter but still retained the logic to separate out the wifi information. Since these both are likely to contain secrets and also have the same permissions, we can keep the config merged.
Chris-Peterson444 · May 7, 2024 · ead7a8a · ead7a8a
1 parent c6a1b58
commit ead7a8a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 23 deletions.
diff --git a/subiquity/models/network.py b/subiquity/models/network.py
@@ -38,13 +38,6 @@ def render_config(self):
 
     def render(self):
         netplan = self.render_config()
-        # We write the wifi config -- which almost certainly contains secrets --
-        # to a separate file since it's possible the default file may
-        # be shared (e.g., via apport for a bug report) and we don't want to
-        # leak them. This isn't a perfect solution because in principle there
-        # could be wired 802.1x stuff that has secrets too, but the subiquity
-        # UI does not support any of that yet so this will do for now.
-
         # If host cloud-init version has no readable combined-cloud-config,
         # default to False.
         cloud_cfg = cloudinit.get_host_combined_cloud_config()
@@ -63,8 +56,6 @@ def render(self):
                 }
             }
         else:
-            # Separate sensitive wifi config from potentially shared config
-            wifis = netplan["network"].pop("wifis", None)
             r = {
                 "write_files": {
                     # Disable cloud-init networking
@@ -76,27 +67,13 @@ def render(self):
                         "content": "network: {config: disabled}\n",
                         "permissions": "0600",
                     },
-                    # netplan without sensitive wifi config
                     "etc_netplan_installer": {
                         "path": "etc/netplan/00-installer-config.yaml",
                         "content": self.stringify_config(netplan),
                         "permissions": "0600",
                     },
                 },
             }
-            if wifis is not None:
-                netplan_wifi = {
-                    "network": {
-                        "version": 2,
-                        "wifis": wifis,
-                    },
-                }
-                # sensitive wifi config
-                r["write_files"]["etc_netplan_installer_wifi"] = {
-                    "path": "etc/netplan/00-installer-config-wifi.yaml",
-                    "content": self.stringify_config(netplan_wifi),
-                    "permissions": "0600",
-                }
         return r
 
     async def target_packages(self) -> List[TargetPkg]:

diff --git a/subiquity/models/tests/test_network.py b/subiquity/models/tests/test_network.py
@@ -52,3 +52,15 @@ async def test_write_netplan_permissions(self):
         config = self.model.render()
         for file in config["write_files"].values():
             self.assertEqual(file["permissions"], "0600")
+
+    async def test_netplan_wifi_combined(self):
+        """Assert the wifi config is not written separately."""
+
+        mock_config = {"network": {"wifis": "data"}}
+        self.model.render_config = mock.Mock(return_value=mock_config)
+
+        config = self.model.render()
+        print(config)
+        self.assertIn(
+            "wifis", config["write_files"]["etc_netplan_installer"]["content"]
+        )