fix(pyats): refactor pyats config file creation (incl disable EnvironmentDebugPlugin)#697
Open
fix(pyats): refactor pyats config file creation (incl disable EnvironmentDebugPlugin)#697
Conversation
oboehmer
force-pushed
the
fix/689-570-disable-env-debug-plugin
branch
from
6a826c2 to
92ca3a8
Compare
…andling (#689, #570) Security fix: PyATS EnvironmentDebugPlugin was writing environment variables (including passwords) to env.txt files within archive artifacts. This change disables the plugin and refactors config file management for cleaner architecture. **Security (#689)** - Add `EnvironmentDebugPlugin: enabled: False` to plugin configuration - Add E2E regression test scanning ALL output artifacts for credential sentinels - Test covers both zip contents and all non-zip files **Architecture Refactoring (#570)** - Move config file creation from `execute_job()` into `SubprocessRunner.__init__()` - Add `cleanup()` method to SubprocessRunner for config file removal - Orchestrator calls `cleanup()` conditionally based on keep_artifacts policy - Config file attributes only set after successful file creation (safer error handling) - Extract config filenames as constants in `constants.py` - Write config files to output_dir with well-known names instead of temp files **Dead Code Removal** - Remove unused `_build_reporter_config()` and `_generate_plugin_config()` from orchestrator - Remove unnecessary `tempfile.TemporaryDirectory` wrapper in `_run_tests_async` - Remove unused `plugin_config_path` parameter Closes #689, #570 Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
oboehmer
force-pushed
the
fix/689-570-disable-env-debug-plugin
branch
from
92ca3a8 to
9214b78
Compare
… credential check - Remove 3 moot unit tests that checked config strings (fragile, not behavioral) - Remove duplicate integration test for config creation failure - Move credential sentinel test imports to module level - Run credential check for all scenarios, not just PyATS - Improve error message for PyATS config creation failure
42 tasks
…chestrator Verify that when SubprocessRunner fails to create config files (e.g., disk full), PyATSOrchestrator returns PyATSResults with from_error() for discovered test types.
…ix cleanup leak - Delete ConfigFileCreationError; _create_config_files now raises RuntimeError, consistent with the pyats-not-found failure in __init__ - Catch RuntimeError in orchestrator so both init failures populate api/d2d results correctly instead of falling through to the broad except-Exception handler - Call subprocess_runner.cleanup() in the report-generation failure branch so config files are removed regardless of outcome - Assert EnvironmentDebugPlugin disabled in plugin config integration test using regex; convert all config-content checks to re.search - Remove leftover try/finally unlink() blocks in TestConfigFileContent (files live in tmp_path, cleaned up by pytest)
…asserts Review feedback from PR #697: - Fix bug: if first config file writes successfully but second fails, clean up the first file to avoid orphaned files on disk - Replace assert statements with RuntimeError in _build_command() since asserts are stripped in optimized mode (-O) - Add clarifying comments explaining why cleanup isn't needed on SubprocessRunner init failure (attributes only set after success) - Add docstring note about planned nac-test-wide cleanup mechanism - Add test for partial write failure cleanup behavior
- Add SubprocessRunner.__del__ for opportunistic cleanup on unexpected exits (best-effort: CPython GC only, not guaranteed on SIGKILL; ref #677) - Mark unreachable None-guard with # pragma: no cover and explanatory comment - Update cleanup() docstring to reflect dual call sites (__del__ + orchestrator) - Extract _cleanup_subprocess_runner() helper in orchestrator to DRY up two identical call sites; documents that __del__ covers unexpected exit paths - Cast keep_artifacts to bool() to avoid bool | str | None union type - Remove stale comment in except RuntimeError block (made obsolete by __del__) - Strengthen test_cleanup_is_idempotent with file-existence assertions - Add test_del_calls_cleanup to verify __del__ removes config files
oboehmer
changed the title
oboehmer
changed the title
oboehmer
added a commit
that referenced
this pull request
Mar 28, 2026
CleanupManager.register() gains a skip_if_debug parameter. Files registered with skip_if_debug=True are deleted on normal exit but retained when NAC_TEST_DEBUG is set, letting developers inspect intermediate artifacts without any extra flags or code changes. The merged data model YAML is the first consumer: it now registers with skip_if_debug=True so it survives for inspection in debug runs. The same mechanism is available for job scripts, testbed YAMLs, and any other artifacts tracked in PR #697. Internally, _files changes from set[Path] to dict[Path, bool], keeping the flag co-located with the path and avoiding two collections to sync. Remove the exit_with_cleanup() closure from main() — typer.Exit is caught by Click which calls sys.exit(), reliably triggering atexit handlers on every exit path. The closure and all cleanup_now() pre-exit calls were redundant with the already-registered atexit handler.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Security fix: PyATS EnvironmentDebugPlugin was writing environment variables (including passwords) to
env.txtfiles within archive artifacts. This change disables the plugin and refactors config file management for cleaner architecture.Also refactor pyats config file creation and remove dead code
Closes
Related Issue(s)
__del__in this PR is a stopgap)Type of Change
Test Framework Affected
Network as Code (NaC) Architecture Affected
Platform Tested
Key Changes
Security (#689)
EnvironmentDebugPlugin: enabled: Falseto plugin configurationArchitecture Refactoring (#570)
execute_job()intoSubprocessRunner.__init__()cleanup()method to SubprocessRunner for config file removal__del__for opportunistic cleanup on unexpected exits (best-effort; see Remove merged data model artifact after test execution to prevent potential credential exposure #677)_cleanup_subprocess_runner()helper in orchestrator to DRY up two identical call sitescleanup()conditionally based on keep_artifacts policyconstants.pyDead Code Removal
_build_reporter_config()and_generate_plugin_config()from orchestratortempfile.TemporaryDirectorywrapper in_run_tests_asyncplugin_config_pathparameterTesting Done
pytest/pre-commit run -a)Test Commands Used
Checklist
pre-commit run -apasses)Screenshots (if applicable)
N/A
Additional Notes
Design decisions:
SubprocessRunnernow owns both creation AND cleanup of its config files (cleaner SRP)__del__cleanup is a safe no-op if files are already gone or were never created