Skip to content

Commit a88e970

Browse files
NouemanKHALclaude
andauthored
Mark slurm seff_path as require_trusted_provider (#24235)
* fix(slurm): mark seff_path as require_trusted_provider The seff binary path is resolved from the seff_path instance config and used as argv[0] in subprocess.run, but seff_path was never declared in the config spec, so it had no trusted-provider guard like the other binary path fields. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * chore(slurm): add changelog entry for seff_path Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * ddev validate models slurm -s --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
1 parent 18d2b26 commit a88e970

5 files changed

Lines changed: 19 additions & 1 deletion

File tree

slurm/assets/configuration/spec.yaml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -119,6 +119,13 @@ files:
119119
type: string
120120
require_trusted_provider: true
121121
example: /usr/bin/scontrol
122+
- name: seff_path
123+
description: Full path to the seff binary.
124+
fleet_configurable: true
125+
value:
126+
type: string
127+
require_trusted_provider: true
128+
example: /usr/bin/seff
122129
- name: debug_sinfo_stats
123130
description: |
124131
Whether or not to enable debug logging for the sinfo command. This logs the output of the sinfo command

slurm/changelog.d/24235.security

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Require a trusted provider for the ``seff_path`` config option.

slurm/datadog_checks/slurm/config_models/defaults.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,10 @@ def instance_sdiag_path():
9696
return '/usr/bin/sdiag'
9797

9898

99+
def instance_seff_path():
100+
return '/usr/bin/seff'
101+
102+
99103
def instance_sinfo_collection_level():
100104
return 1
101105

slurm/datadog_checks/slurm/config_models/instance.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@
2020

2121

2222
SECURE_FIELD_NAMES = frozenset(
23-
['sacct_path', 'scontrol_path', 'sdiag_path', 'sinfo_path', 'squeue_path', 'sshare_path']
23+
['sacct_path', 'scontrol_path', 'sdiag_path', 'seff_path', 'sinfo_path', 'squeue_path', 'sshare_path']
2424
)
2525

2626

@@ -61,6 +61,7 @@ class InstanceConfig(BaseModel):
6161
sacct_path: Optional[str] = None
6262
scontrol_path: Optional[str] = None
6363
sdiag_path: Optional[str] = None
64+
seff_path: Optional[str] = None
6465
service: Optional[str] = None
6566
sinfo_collection_level: Optional[int] = None
6667
sinfo_path: Optional[str] = None

slurm/datadog_checks/slurm/data/conf.yaml.example

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,11 @@ instances:
9999
#
100100
# scontrol_path: /usr/bin/scontrol
101101

102+
## @param seff_path - string - optional - default: /usr/bin/seff
103+
## Full path to the seff binary.
104+
#
105+
# seff_path: /usr/bin/seff
106+
102107
## @param tags - list of strings - optional
103108
## A list of tags to attach to every metric and service check emitted by this instance.
104109
##

0 commit comments

Comments
 (0)