Style corrections for privsep usage.
We always import privsep modules like this: import nova.privsep.libvirt Not like this: from nova.privsep import libvirt This is because it makes it obvious at the caller that a priviledged operation is occuring: nova.privsep.libvirt.destroy_root_filesystem() Not just: libvirt.destroy_root_filesystem() This is especially true when the imported module is called "libvirt", which is a very common term in the codebase and super hard to grep for specific uses of. I've corrected the existing style mismatches to make things consistent. Note that the next patch in this series covers this case with a hacking check. Change-Id: Ief177dbcb018da6fbad13bb0ff153fc47292d5b9
This commit is contained in:
parent
95a87bce9f
commit
3aa702686b
|
@ -16,7 +16,7 @@ import fixtures
|
||||||
import mock
|
import mock
|
||||||
from six.moves import StringIO
|
from six.moves import StringIO
|
||||||
|
|
||||||
from nova.privsep import idmapshift
|
import nova.privsep.idmapshift
|
||||||
from nova import test
|
from nova import test
|
||||||
|
|
||||||
|
|
||||||
|
@ -45,38 +45,39 @@ class BaseTestCase(test.NoDBTestCase):
|
||||||
|
|
||||||
class FindTargetIDTestCase(BaseTestCase):
|
class FindTargetIDTestCase(BaseTestCase):
|
||||||
def test_find_target_id_range_1_first(self):
|
def test_find_target_id_range_1_first(self):
|
||||||
actual_target = idmapshift.find_target_id(0, self.uid_maps,
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
0, self.uid_maps, nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(10000, actual_target)
|
self.assertEqual(10000, actual_target)
|
||||||
|
|
||||||
def test_find_target_id_inside_range_1(self):
|
def test_find_target_id_inside_range_1(self):
|
||||||
actual_target = idmapshift.find_target_id(2, self.uid_maps,
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
2, self.uid_maps, nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(10002, actual_target)
|
self.assertEqual(10002, actual_target)
|
||||||
|
|
||||||
def test_find_target_id_range_2_first(self):
|
def test_find_target_id_range_2_first(self):
|
||||||
actual_target = idmapshift.find_target_id(10, self.uid_maps,
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
10, self.uid_maps, nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(20000, actual_target)
|
self.assertEqual(20000, actual_target)
|
||||||
|
|
||||||
def test_find_target_id_inside_range_2(self):
|
def test_find_target_id_inside_range_2(self):
|
||||||
actual_target = idmapshift.find_target_id(100, self.uid_maps,
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
100, self.uid_maps, nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(20090, actual_target)
|
self.assertEqual(20090, actual_target)
|
||||||
|
|
||||||
def test_find_target_id_outside_range(self):
|
def test_find_target_id_outside_range(self):
|
||||||
actual_target = idmapshift.find_target_id(10000, self.uid_maps,
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
10000, self.uid_maps, nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(idmapshift.NOBODY_ID, actual_target)
|
self.assertEqual(nova.privsep.idmapshift.NOBODY_ID, actual_target)
|
||||||
|
|
||||||
def test_find_target_id_no_mappings(self):
|
def test_find_target_id_no_mappings(self):
|
||||||
actual_target = idmapshift.find_target_id(0, [],
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
0, [], nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(idmapshift.NOBODY_ID, actual_target)
|
self.assertEqual(nova.privsep.idmapshift.NOBODY_ID, actual_target)
|
||||||
|
|
||||||
def test_find_target_id_updates_memo(self):
|
def test_find_target_id_updates_memo(self):
|
||||||
memo = dict()
|
memo = dict()
|
||||||
idmapshift.find_target_id(0, self.uid_maps, idmapshift.NOBODY_ID, memo)
|
nova.privsep.idmapshift.find_target_id(
|
||||||
|
0, self.uid_maps, nova.privsep.idmapshift.NOBODY_ID, memo)
|
||||||
self.assertIn(0, memo)
|
self.assertIn(0, memo)
|
||||||
self.assertEqual(10000, memo[0])
|
self.assertEqual(10000, memo[0])
|
||||||
|
|
||||||
|
@ -84,19 +85,19 @@ class FindTargetIDTestCase(BaseTestCase):
|
||||||
uid_maps = [(500, 10000, 10)]
|
uid_maps = [(500, 10000, 10)]
|
||||||
|
|
||||||
# Below range
|
# Below range
|
||||||
actual_target = idmapshift.find_target_id(499, uid_maps,
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
499, uid_maps, nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(idmapshift.NOBODY_ID, actual_target)
|
self.assertEqual(nova.privsep.idmapshift.NOBODY_ID, actual_target)
|
||||||
|
|
||||||
# Match
|
# Match
|
||||||
actual_target = idmapshift.find_target_id(501, uid_maps,
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
501, uid_maps, nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(10001, actual_target)
|
self.assertEqual(10001, actual_target)
|
||||||
|
|
||||||
# Beyond range
|
# Beyond range
|
||||||
actual_target = idmapshift.find_target_id(510, uid_maps,
|
actual_target = nova.privsep.idmapshift.find_target_id(
|
||||||
idmapshift.NOBODY_ID, dict())
|
510, uid_maps, nova.privsep.idmapshift.NOBODY_ID, dict())
|
||||||
self.assertEqual(idmapshift.NOBODY_ID, actual_target)
|
self.assertEqual(nova.privsep.idmapshift.NOBODY_ID, actual_target)
|
||||||
|
|
||||||
|
|
||||||
class ShiftPathTestCase(BaseTestCase):
|
class ShiftPathTestCase(BaseTestCase):
|
||||||
|
@ -104,8 +105,9 @@ class ShiftPathTestCase(BaseTestCase):
|
||||||
@mock.patch('os.lstat')
|
@mock.patch('os.lstat')
|
||||||
def test_shift_path(self, mock_lstat, mock_lchown):
|
def test_shift_path(self, mock_lstat, mock_lchown):
|
||||||
mock_lstat.return_value = FakeStat(0, 0)
|
mock_lstat.return_value = FakeStat(0, 0)
|
||||||
idmapshift.shift_path('/test/path', self.uid_maps, self.gid_maps,
|
nova.privsep.idmapshift.shift_path(
|
||||||
idmapshift.NOBODY_ID, dict(), dict())
|
'/test/path', self.uid_maps, self.gid_maps,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID, dict(), dict())
|
||||||
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
||||||
mock_lchown.assert_has_calls([mock.call('/test/path', 10000, 10000)])
|
mock_lchown.assert_has_calls([mock.call('/test/path', 10000, 10000)])
|
||||||
|
|
||||||
|
@ -118,15 +120,16 @@ class ShiftDirTestCase(BaseTestCase):
|
||||||
mock_walk.return_value = [('/', ['a', 'b'], ['c', 'd'])]
|
mock_walk.return_value = [('/', ['a', 'b'], ['c', 'd'])]
|
||||||
mock_join.side_effect = join_side_effect
|
mock_join.side_effect = join_side_effect
|
||||||
|
|
||||||
idmapshift.shift_dir('/', self.uid_maps, self.gid_maps,
|
nova.privsep.idmapshift.shift_dir('/', self.uid_maps, self.gid_maps,
|
||||||
idmapshift.NOBODY_ID)
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
|
|
||||||
files = ['a', 'b', 'c', 'd']
|
files = ['a', 'b', 'c', 'd']
|
||||||
mock_walk.assert_has_calls([mock.call('/')])
|
mock_walk.assert_has_calls([mock.call('/')])
|
||||||
mock_join_calls = [mock.call('/', x) for x in files]
|
mock_join_calls = [mock.call('/', x) for x in files]
|
||||||
mock_join.assert_has_calls(mock_join_calls)
|
mock_join.assert_has_calls(mock_join_calls)
|
||||||
|
|
||||||
args = (self.uid_maps, self.gid_maps, idmapshift.NOBODY_ID)
|
args = (self.uid_maps, self.gid_maps,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
kwargs = dict(uid_memo=dict(), gid_memo=dict())
|
kwargs = dict(uid_memo=dict(), gid_memo=dict())
|
||||||
shift_path_calls = [mock.call('/', *args, **kwargs)]
|
shift_path_calls = [mock.call('/', *args, **kwargs)]
|
||||||
shift_path_calls += [mock.call('/' + x, *args, **kwargs)
|
shift_path_calls += [mock.call('/' + x, *args, **kwargs)
|
||||||
|
@ -141,8 +144,8 @@ class ConfirmPathTestCase(test.NoDBTestCase):
|
||||||
gid_ranges = [(300, 399)]
|
gid_ranges = [(300, 399)]
|
||||||
mock_lstat.return_value = FakeStat(1000, 301)
|
mock_lstat.return_value = FakeStat(1000, 301)
|
||||||
|
|
||||||
result = idmapshift.confirm_path('/test/path', uid_ranges, gid_ranges,
|
result = nova.privsep.idmapshift.confirm_path(
|
||||||
50000)
|
'/test/path', uid_ranges, gid_ranges, 50000)
|
||||||
|
|
||||||
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
||||||
self.assertTrue(result)
|
self.assertTrue(result)
|
||||||
|
@ -153,8 +156,8 @@ class ConfirmPathTestCase(test.NoDBTestCase):
|
||||||
gid_ranges = [(300, 399)]
|
gid_ranges = [(300, 399)]
|
||||||
mock_lstat.return_value = FakeStat(50000, 50000)
|
mock_lstat.return_value = FakeStat(50000, 50000)
|
||||||
|
|
||||||
result = idmapshift.confirm_path('/test/path', uid_ranges, gid_ranges,
|
result = nova.privsep.idmapshift.confirm_path(
|
||||||
50000)
|
'/test/path', uid_ranges, gid_ranges, 50000)
|
||||||
|
|
||||||
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
||||||
self.assertTrue(result)
|
self.assertTrue(result)
|
||||||
|
@ -165,8 +168,8 @@ class ConfirmPathTestCase(test.NoDBTestCase):
|
||||||
gid_ranges = [(300, 399)]
|
gid_ranges = [(300, 399)]
|
||||||
mock_lstat.return_value = FakeStat(0, 301)
|
mock_lstat.return_value = FakeStat(0, 301)
|
||||||
|
|
||||||
result = idmapshift.confirm_path('/test/path', uid_ranges, gid_ranges,
|
result = nova.privsep.idmapshift.confirm_path(
|
||||||
50000)
|
'/test/path', uid_ranges, gid_ranges, 50000)
|
||||||
|
|
||||||
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
||||||
self.assertFalse(result)
|
self.assertFalse(result)
|
||||||
|
@ -177,8 +180,8 @@ class ConfirmPathTestCase(test.NoDBTestCase):
|
||||||
gid_ranges = [(300, 399)]
|
gid_ranges = [(300, 399)]
|
||||||
mock_lstat.return_value = FakeStat(1000, 0)
|
mock_lstat.return_value = FakeStat(1000, 0)
|
||||||
|
|
||||||
result = idmapshift.confirm_path('/test/path', uid_ranges, gid_ranges,
|
result = nova.privsep.idmapshift.confirm_path(
|
||||||
50000)
|
'/test/path', uid_ranges, gid_ranges, 50000)
|
||||||
|
|
||||||
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
||||||
self.assertFalse(result)
|
self.assertFalse(result)
|
||||||
|
@ -189,8 +192,8 @@ class ConfirmPathTestCase(test.NoDBTestCase):
|
||||||
gid_ranges = [(300, 399)]
|
gid_ranges = [(300, 399)]
|
||||||
mock_lstat.return_value = FakeStat(50000, 301)
|
mock_lstat.return_value = FakeStat(50000, 301)
|
||||||
|
|
||||||
result = idmapshift.confirm_path('/test/path', uid_ranges, gid_ranges,
|
result = nova.privsep.idmapshift.confirm_path(
|
||||||
50000)
|
'/test/path', uid_ranges, gid_ranges, 50000)
|
||||||
|
|
||||||
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
||||||
self.assertTrue(result)
|
self.assertTrue(result)
|
||||||
|
@ -201,8 +204,8 @@ class ConfirmPathTestCase(test.NoDBTestCase):
|
||||||
gid_ranges = [(300, 399)]
|
gid_ranges = [(300, 399)]
|
||||||
mock_lstat.return_value = FakeStat(1000, 50000)
|
mock_lstat.return_value = FakeStat(1000, 50000)
|
||||||
|
|
||||||
result = idmapshift.confirm_path('/test/path', uid_ranges, gid_ranges,
|
result = nova.privsep.idmapshift.confirm_path(
|
||||||
50000)
|
'/test/path', uid_ranges, gid_ranges, 50000)
|
||||||
|
|
||||||
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
mock_lstat.assert_has_calls([mock.call('/test/path')])
|
||||||
self.assertTrue(result)
|
self.assertTrue(result)
|
||||||
|
@ -211,8 +214,8 @@ class ConfirmPathTestCase(test.NoDBTestCase):
|
||||||
class ConfirmDirTestCase(BaseTestCase):
|
class ConfirmDirTestCase(BaseTestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
super(ConfirmDirTestCase, self).setUp()
|
super(ConfirmDirTestCase, self).setUp()
|
||||||
self.uid_map_ranges = idmapshift.get_ranges(self.uid_maps)
|
self.uid_map_ranges = nova.privsep.idmapshift.get_ranges(self.uid_maps)
|
||||||
self.gid_map_ranges = idmapshift.get_ranges(self.gid_maps)
|
self.gid_map_ranges = nova.privsep.idmapshift.get_ranges(self.gid_maps)
|
||||||
|
|
||||||
@mock.patch('nova.privsep.idmapshift.confirm_path')
|
@mock.patch('nova.privsep.idmapshift.confirm_path')
|
||||||
@mock.patch('os.path.join')
|
@mock.patch('os.path.join')
|
||||||
|
@ -222,15 +225,16 @@ class ConfirmDirTestCase(BaseTestCase):
|
||||||
mock_join.side_effect = join_side_effect
|
mock_join.side_effect = join_side_effect
|
||||||
mock_confirm_path.return_value = True
|
mock_confirm_path.return_value = True
|
||||||
|
|
||||||
idmapshift.confirm_dir('/', self.uid_maps, self.gid_maps,
|
nova.privsep.idmapshift.confirm_dir('/', self.uid_maps, self.gid_maps,
|
||||||
idmapshift.NOBODY_ID)
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
|
|
||||||
files = ['a', 'b', 'c', 'd']
|
files = ['a', 'b', 'c', 'd']
|
||||||
mock_walk.assert_has_calls([mock.call('/')])
|
mock_walk.assert_has_calls([mock.call('/')])
|
||||||
mock_join_calls = [mock.call('/', x) for x in files]
|
mock_join_calls = [mock.call('/', x) for x in files]
|
||||||
mock_join.assert_has_calls(mock_join_calls)
|
mock_join.assert_has_calls(mock_join_calls)
|
||||||
|
|
||||||
args = (self.uid_map_ranges, self.gid_map_ranges, idmapshift.NOBODY_ID)
|
args = (self.uid_map_ranges, self.gid_map_ranges,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
confirm_path_calls = [mock.call('/', *args)]
|
confirm_path_calls = [mock.call('/', *args)]
|
||||||
confirm_path_calls += [mock.call('/' + x, *args)
|
confirm_path_calls += [mock.call('/' + x, *args)
|
||||||
for x in files]
|
for x in files]
|
||||||
|
@ -245,10 +249,11 @@ class ConfirmDirTestCase(BaseTestCase):
|
||||||
mock_join.side_effect = join_side_effect
|
mock_join.side_effect = join_side_effect
|
||||||
mock_confirm_path.return_value = False
|
mock_confirm_path.return_value = False
|
||||||
|
|
||||||
idmapshift.confirm_dir('/', self.uid_maps, self.gid_maps,
|
nova.privsep.idmapshift.confirm_dir('/', self.uid_maps, self.gid_maps,
|
||||||
idmapshift.NOBODY_ID)
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
|
|
||||||
args = (self.uid_map_ranges, self.gid_map_ranges, idmapshift.NOBODY_ID)
|
args = (self.uid_map_ranges, self.gid_map_ranges,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
confirm_path_calls = [mock.call('/', *args)]
|
confirm_path_calls = [mock.call('/', *args)]
|
||||||
mock_confirm_path.assert_has_calls(confirm_path_calls)
|
mock_confirm_path.assert_has_calls(confirm_path_calls)
|
||||||
|
|
||||||
|
@ -267,13 +272,14 @@ class ConfirmDirTestCase(BaseTestCase):
|
||||||
|
|
||||||
mock_confirm_path.side_effect = confirm_path_side_effect
|
mock_confirm_path.side_effect = confirm_path_side_effect
|
||||||
|
|
||||||
idmapshift.confirm_dir('/', self.uid_maps, self.gid_maps,
|
nova.privsep.idmapshift.confirm_dir('/', self.uid_maps, self.gid_maps,
|
||||||
idmapshift.NOBODY_ID)
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
|
|
||||||
mock_walk.assert_has_calls([mock.call('/')])
|
mock_walk.assert_has_calls([mock.call('/')])
|
||||||
mock_join.assert_has_calls([mock.call('/', 'a')])
|
mock_join.assert_has_calls([mock.call('/', 'a')])
|
||||||
|
|
||||||
args = (self.uid_map_ranges, self.gid_map_ranges, idmapshift.NOBODY_ID)
|
args = (self.uid_map_ranges, self.gid_map_ranges,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
confirm_path_calls = [mock.call('/', *args),
|
confirm_path_calls = [mock.call('/', *args),
|
||||||
mock.call('/' + 'a', *args)]
|
mock.call('/' + 'a', *args)]
|
||||||
mock_confirm_path.assert_has_calls(confirm_path_calls)
|
mock_confirm_path.assert_has_calls(confirm_path_calls)
|
||||||
|
@ -293,15 +299,16 @@ class ConfirmDirTestCase(BaseTestCase):
|
||||||
|
|
||||||
mock_confirm_path.side_effect = confirm_path_side_effect
|
mock_confirm_path.side_effect = confirm_path_side_effect
|
||||||
|
|
||||||
idmapshift.confirm_dir('/', self.uid_maps, self.gid_maps,
|
nova.privsep.idmapshift.confirm_dir('/', self.uid_maps, self.gid_maps,
|
||||||
idmapshift.NOBODY_ID)
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
|
|
||||||
files = ['a', 'b', 'c']
|
files = ['a', 'b', 'c']
|
||||||
mock_walk.assert_has_calls([mock.call('/')])
|
mock_walk.assert_has_calls([mock.call('/')])
|
||||||
mock_join_calls = [mock.call('/', x) for x in files]
|
mock_join_calls = [mock.call('/', x) for x in files]
|
||||||
mock_join.assert_has_calls(mock_join_calls)
|
mock_join.assert_has_calls(mock_join_calls)
|
||||||
|
|
||||||
args = (self.uid_map_ranges, self.gid_map_ranges, idmapshift.NOBODY_ID)
|
args = (self.uid_map_ranges, self.gid_map_ranges,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
confirm_path_calls = [mock.call('/', *args)]
|
confirm_path_calls = [mock.call('/', *args)]
|
||||||
confirm_path_calls += [mock.call('/' + x, *args)
|
confirm_path_calls += [mock.call('/' + x, *args)
|
||||||
for x in files]
|
for x in files]
|
||||||
|
@ -333,15 +340,16 @@ class IntegrationTestCase(BaseTestCase):
|
||||||
|
|
||||||
mock_lstat.side_effect = lstat
|
mock_lstat.side_effect = lstat
|
||||||
|
|
||||||
idmapshift.shift_dir('/tmp/test', self.uid_maps, self.gid_maps,
|
nova.privsep.idmapshift.shift_dir('/tmp/test', self.uid_maps,
|
||||||
idmapshift.NOBODY_ID)
|
self.gid_maps,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
|
|
||||||
lchown_calls = [
|
lchown_calls = [
|
||||||
mock.call('/tmp/test', 10000, 10000),
|
mock.call('/tmp/test', 10000, 10000),
|
||||||
mock.call('/tmp/test/a', 10000, 10000),
|
mock.call('/tmp/test/a', 10000, 10000),
|
||||||
mock.call('/tmp/test/b', 10000, 10002),
|
mock.call('/tmp/test/b', 10000, 10002),
|
||||||
mock.call('/tmp/test/c', idmapshift.NOBODY_ID,
|
mock.call('/tmp/test/c', nova.privsep.idmapshift.NOBODY_ID,
|
||||||
idmapshift.NOBODY_ID),
|
nova.privsep.idmapshift.NOBODY_ID),
|
||||||
mock.call('/tmp/test/d', 20090, 20090),
|
mock.call('/tmp/test/d', 20090, 20090),
|
||||||
mock.call('/tmp/test/d/1', 10000, 20090),
|
mock.call('/tmp/test/d/1', 10000, 20090),
|
||||||
mock.call('/tmp/test/d/2', 20090, 20090),
|
mock.call('/tmp/test/d/2', 20090, 20090),
|
||||||
|
@ -362,7 +370,8 @@ class IntegrationTestCase(BaseTestCase):
|
||||||
't': FakeStat(10000, 10000),
|
't': FakeStat(10000, 10000),
|
||||||
'a': FakeStat(10000, 10000),
|
'a': FakeStat(10000, 10000),
|
||||||
'b': FakeStat(10000, 10002),
|
'b': FakeStat(10000, 10002),
|
||||||
'c': FakeStat(idmapshift.NOBODY_ID, idmapshift.NOBODY_ID),
|
'c': FakeStat(nova.privsep.idmapshift.NOBODY_ID,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID),
|
||||||
'd': FakeStat(20090, 20090),
|
'd': FakeStat(20090, 20090),
|
||||||
'1': FakeStat(10000, 20090),
|
'1': FakeStat(10000, 20090),
|
||||||
'2': FakeStat(20090, 20090),
|
'2': FakeStat(20090, 20090),
|
||||||
|
@ -371,8 +380,9 @@ class IntegrationTestCase(BaseTestCase):
|
||||||
|
|
||||||
mock_lstat.side_effect = lstat
|
mock_lstat.side_effect = lstat
|
||||||
|
|
||||||
result = idmapshift.confirm_dir('/tmp/test', self.uid_maps,
|
result = nova.privsep.idmapshift.confirm_dir(
|
||||||
self.gid_maps, idmapshift.NOBODY_ID)
|
'/tmp/test', self.uid_maps, self.gid_maps,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
|
|
||||||
self.assertTrue(result)
|
self.assertTrue(result)
|
||||||
|
|
||||||
|
@ -399,7 +409,8 @@ class IntegrationTestCase(BaseTestCase):
|
||||||
|
|
||||||
mock_lstat.side_effect = lstat
|
mock_lstat.side_effect = lstat
|
||||||
|
|
||||||
result = idmapshift.confirm_dir('/tmp/test', self.uid_maps,
|
result = nova.privsep.idmapshift.confirm_dir(
|
||||||
self.gid_maps, idmapshift.NOBODY_ID)
|
'/tmp/test', self.uid_maps, self.gid_maps,
|
||||||
|
nova.privsep.idmapshift.NOBODY_ID)
|
||||||
|
|
||||||
self.assertFalse(result)
|
self.assertFalse(result)
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
import ddt
|
import ddt
|
||||||
import mock
|
import mock
|
||||||
|
|
||||||
from nova.privsep import libvirt
|
import nova.privsep.libvirt
|
||||||
from nova import test
|
from nova import test
|
||||||
|
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@ class PrivsepLibvirtMountTestCase(test.NoDBTestCase):
|
||||||
sysd_bin = "systemd-run"
|
sysd_bin = "systemd-run"
|
||||||
sysd_opt_1 = "--scope"
|
sysd_opt_1 = "--scope"
|
||||||
|
|
||||||
libvirt.systemd_run_qb_mount(self.FAKE_VOLUME,
|
nova.privsep.libvirt.systemd_run_qb_mount(self.FAKE_VOLUME,
|
||||||
self.FAKE_MOUNT_BASE,
|
self.FAKE_MOUNT_BASE,
|
||||||
cfg_file=cfg_file)
|
cfg_file=cfg_file)
|
||||||
|
|
||||||
|
@ -61,7 +61,7 @@ class PrivsepLibvirtMountTestCase(test.NoDBTestCase):
|
||||||
@mock.patch('oslo_concurrency.processutils.execute')
|
@mock.patch('oslo_concurrency.processutils.execute')
|
||||||
def test_unprivileged_qb_mount(self, cfg_file, mock_execute):
|
def test_unprivileged_qb_mount(self, cfg_file, mock_execute):
|
||||||
|
|
||||||
libvirt.unprivileged_qb_mount(self.FAKE_VOLUME,
|
nova.privsep.libvirt.unprivileged_qb_mount(self.FAKE_VOLUME,
|
||||||
self.FAKE_MOUNT_BASE,
|
self.FAKE_MOUNT_BASE,
|
||||||
cfg_file=cfg_file)
|
cfg_file=cfg_file)
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,6 @@ import psutil
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from nova import exception as nova_exception
|
from nova import exception as nova_exception
|
||||||
from nova.privsep import libvirt
|
|
||||||
from nova import test
|
from nova import test
|
||||||
from nova.tests.unit.virt.libvirt.volume import test_volume
|
from nova.tests.unit.virt.libvirt.volume import test_volume
|
||||||
from nova import utils
|
from nova import utils
|
||||||
|
@ -106,7 +105,7 @@ class QuobyteTestCase(test.NoDBTestCase):
|
||||||
|
|
||||||
@ddt.data(None, '/some/arbitrary/path')
|
@ddt.data(None, '/some/arbitrary/path')
|
||||||
@mock.patch.object(fileutils, "ensure_tree")
|
@mock.patch.object(fileutils, "ensure_tree")
|
||||||
@mock.patch.object(libvirt, "unprivileged_qb_mount")
|
@mock.patch('nova.privsep.libvirt.unprivileged_qb_mount')
|
||||||
def test_quobyte_mount_volume_not_systemd(self, cfg_file, mock_mount,
|
def test_quobyte_mount_volume_not_systemd(self, cfg_file, mock_mount,
|
||||||
mock_ensure_tree):
|
mock_ensure_tree):
|
||||||
mnt_base = '/mnt'
|
mnt_base = '/mnt'
|
||||||
|
@ -122,7 +121,7 @@ class QuobyteTestCase(test.NoDBTestCase):
|
||||||
mock_mount.assert_has_calls(expected_commands)
|
mock_mount.assert_has_calls(expected_commands)
|
||||||
|
|
||||||
@ddt.data(None, '/some/arbitrary/path')
|
@ddt.data(None, '/some/arbitrary/path')
|
||||||
@mock.patch.object(libvirt, 'systemd_run_qb_mount')
|
@mock.patch('nova.privsep.libvirt.systemd_run_qb_mount')
|
||||||
@mock.patch.object(fileutils, "ensure_tree")
|
@mock.patch.object(fileutils, "ensure_tree")
|
||||||
def test_quobyte_mount_volume_systemd(self, cfg_file, mock_ensure_tree,
|
def test_quobyte_mount_volume_systemd(self, cfg_file, mock_ensure_tree,
|
||||||
mock_privsep_sysdr):
|
mock_privsep_sysdr):
|
||||||
|
@ -140,9 +139,8 @@ class QuobyteTestCase(test.NoDBTestCase):
|
||||||
cfg_file=cfg_file)
|
cfg_file=cfg_file)
|
||||||
|
|
||||||
@mock.patch.object(fileutils, "ensure_tree")
|
@mock.patch.object(fileutils, "ensure_tree")
|
||||||
@mock.patch.object(libvirt, 'unprivileged_qb_mount',
|
@mock.patch('nova.privsep.libvirt.unprivileged_qb_mount',
|
||||||
side_effect=(processutils.
|
side_effect=processutils.ProcessExecutionError)
|
||||||
ProcessExecutionError))
|
|
||||||
def test_quobyte_mount_volume_fails(self, mock_mount, mock_ensure_tree):
|
def test_quobyte_mount_volume_fails(self, mock_mount, mock_ensure_tree):
|
||||||
mnt_base = '/mnt'
|
mnt_base = '/mnt'
|
||||||
quobyte_volume = '192.168.1.1/volume-00001'
|
quobyte_volume = '192.168.1.1/volume-00001'
|
||||||
|
@ -155,7 +153,7 @@ class QuobyteTestCase(test.NoDBTestCase):
|
||||||
export_mnt_base)
|
export_mnt_base)
|
||||||
mock_ensure_tree.assert_called_once_with(export_mnt_base)
|
mock_ensure_tree.assert_called_once_with(export_mnt_base)
|
||||||
|
|
||||||
@mock.patch.object(libvirt, 'unprivileged_umount')
|
@mock.patch('nova.privsep.libvirt.unprivileged_umount')
|
||||||
def test_quobyte_umount_volume_non_sysd(self, mock_lv_umount):
|
def test_quobyte_umount_volume_non_sysd(self, mock_lv_umount):
|
||||||
mnt_base = '/mnt'
|
mnt_base = '/mnt'
|
||||||
quobyte_volume = '192.168.1.1/volume-00001'
|
quobyte_volume = '192.168.1.1/volume-00001'
|
||||||
|
@ -166,7 +164,7 @@ class QuobyteTestCase(test.NoDBTestCase):
|
||||||
|
|
||||||
mock_lv_umount.assert_called_once_with(export_mnt_base)
|
mock_lv_umount.assert_called_once_with(export_mnt_base)
|
||||||
|
|
||||||
@mock.patch.object(libvirt, 'umount')
|
@mock.patch('nova.privsep.libvirt.umount')
|
||||||
def test_quobyte_umount_volume_sysd(self, mock_lv_umount):
|
def test_quobyte_umount_volume_sysd(self, mock_lv_umount):
|
||||||
mnt_base = '/mnt'
|
mnt_base = '/mnt'
|
||||||
quobyte_volume = '192.168.1.1/volume-00001'
|
quobyte_volume = '192.168.1.1/volume-00001'
|
||||||
|
@ -179,7 +177,7 @@ class QuobyteTestCase(test.NoDBTestCase):
|
||||||
mock_lv_umount.assert_called_once_with(export_mnt_base)
|
mock_lv_umount.assert_called_once_with(export_mnt_base)
|
||||||
|
|
||||||
@mock.patch.object(quobyte.LOG, "error")
|
@mock.patch.object(quobyte.LOG, "error")
|
||||||
@mock.patch.object(libvirt, 'umount')
|
@mock.patch('nova.privsep.libvirt.umount')
|
||||||
def test_quobyte_umount_volume_warns(self, mock_execute, mock_debug):
|
def test_quobyte_umount_volume_warns(self, mock_execute, mock_debug):
|
||||||
mnt_base = '/mnt'
|
mnt_base = '/mnt'
|
||||||
quobyte_volume = '192.168.1.1/volume-00001'
|
quobyte_volume = '192.168.1.1/volume-00001'
|
||||||
|
@ -200,8 +198,8 @@ class QuobyteTestCase(test.NoDBTestCase):
|
||||||
export_mnt_base))
|
export_mnt_base))
|
||||||
|
|
||||||
@mock.patch.object(quobyte.LOG, "exception")
|
@mock.patch.object(quobyte.LOG, "exception")
|
||||||
@mock.patch.object(libvirt, 'umount',
|
@mock.patch('nova.privsep.libvirt.umount',
|
||||||
side_effect=(processutils.ProcessExecutionError))
|
side_effect=processutils.ProcessExecutionError)
|
||||||
def test_quobyte_umount_volume_fails(self, mock_unmount, mock_exception):
|
def test_quobyte_umount_volume_fails(self, mock_unmount, mock_exception):
|
||||||
mnt_base = '/mnt'
|
mnt_base = '/mnt'
|
||||||
quobyte_volume = '192.168.1.1/volume-00001'
|
quobyte_volume = '192.168.1.1/volume-00001'
|
||||||
|
|
|
@ -40,7 +40,7 @@ import six
|
||||||
from nova.compute import power_state
|
from nova.compute import power_state
|
||||||
from nova import exception
|
from nova import exception
|
||||||
from nova.i18n import _
|
from nova.i18n import _
|
||||||
from nova.privsep import libvirt as libvirt_privsep
|
import nova.privsep.libvirt
|
||||||
from nova.virt import hardware
|
from nova.virt import hardware
|
||||||
from nova.virt.libvirt import compat
|
from nova.virt.libvirt import compat
|
||||||
from nova.virt.libvirt import config as vconfig
|
from nova.virt.libvirt import config as vconfig
|
||||||
|
@ -200,7 +200,7 @@ class Guest(object):
|
||||||
interfaces = self.get_interfaces()
|
interfaces = self.get_interfaces()
|
||||||
try:
|
try:
|
||||||
for interface in interfaces:
|
for interface in interfaces:
|
||||||
libvirt_privsep.enable_hairpin(interface)
|
nova.privsep.libvirt.enable_hairpin(interface)
|
||||||
except Exception:
|
except Exception:
|
||||||
with excutils.save_and_reraise_exception():
|
with excutils.save_and_reraise_exception():
|
||||||
LOG.error('Error enabling hairpin mode with XML: %s',
|
LOG.error('Error enabling hairpin mode with XML: %s',
|
||||||
|
|
|
@ -25,7 +25,7 @@ import six
|
||||||
import nova.conf
|
import nova.conf
|
||||||
from nova import exception as nova_exception
|
from nova import exception as nova_exception
|
||||||
from nova.i18n import _
|
from nova.i18n import _
|
||||||
from nova.privsep import libvirt
|
import nova.privsep.libvirt
|
||||||
from nova import utils
|
from nova import utils
|
||||||
from nova.virt.libvirt import utils as libvirt_utils
|
from nova.virt.libvirt import utils as libvirt_utils
|
||||||
from nova.virt.libvirt.volume import fs
|
from nova.virt.libvirt.volume import fs
|
||||||
|
@ -76,12 +76,14 @@ def mount_volume(volume, mnt_base, configfile=None):
|
||||||
if found_sysd:
|
if found_sysd:
|
||||||
LOG.debug('Mounting volume %s at mount point %s via systemd-run',
|
LOG.debug('Mounting volume %s at mount point %s via systemd-run',
|
||||||
volume, mnt_base)
|
volume, mnt_base)
|
||||||
libvirt.systemd_run_qb_mount(volume, mnt_base, cfg_file=configfile)
|
nova.privsep.libvirt.systemd_run_qb_mount(volume, mnt_base,
|
||||||
|
cfg_file=configfile)
|
||||||
else:
|
else:
|
||||||
LOG.debug('Mounting volume %s at mount point %s via mount.quobyte',
|
LOG.debug('Mounting volume %s at mount point %s via mount.quobyte',
|
||||||
volume, mnt_base, cfg_file=configfile)
|
volume, mnt_base, cfg_file=configfile)
|
||||||
|
|
||||||
libvirt.unprivileged_qb_mount(volume, mnt_base, cfg_file=configfile)
|
nova.privsep.libvirt.unprivileged_qb_mount(volume, mnt_base,
|
||||||
|
cfg_file=configfile)
|
||||||
LOG.info('Mounted volume: %s', volume)
|
LOG.info('Mounted volume: %s', volume)
|
||||||
|
|
||||||
|
|
||||||
|
@ -89,9 +91,9 @@ def umount_volume(mnt_base):
|
||||||
"""Wraps execute calls for unmouting a Quobyte volume"""
|
"""Wraps execute calls for unmouting a Quobyte volume"""
|
||||||
try:
|
try:
|
||||||
if found_sysd:
|
if found_sysd:
|
||||||
libvirt.umount(mnt_base)
|
nova.privsep.libvirt.umount(mnt_base)
|
||||||
else:
|
else:
|
||||||
libvirt.unprivileged_umount(mnt_base)
|
nova.privsep.libvirt.unprivileged_umount(mnt_base)
|
||||||
except processutils.ProcessExecutionError as exc:
|
except processutils.ProcessExecutionError as exc:
|
||||||
if 'Device or resource busy' in six.text_type(exc):
|
if 'Device or resource busy' in six.text_type(exc):
|
||||||
LOG.error("The Quobyte volume at %s is still in use.", mnt_base)
|
LOG.error("The Quobyte volume at %s is still in use.", mnt_base)
|
||||||
|
|
|
@ -31,7 +31,7 @@ from pypowervm.tasks import partition as pvm_par
|
||||||
import retrying
|
import retrying
|
||||||
|
|
||||||
from nova import exception
|
from nova import exception
|
||||||
from nova.privsep import path as priv_path
|
import nova.privsep.path
|
||||||
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
@ -85,7 +85,7 @@ def discover_vscsi_disk(mapping, scan_timeout=300):
|
||||||
for scanpath in glob.glob(
|
for scanpath in glob.glob(
|
||||||
'/sys/bus/vio/devices/%x/host*/scsi_host/host*/scan' % lslot):
|
'/sys/bus/vio/devices/%x/host*/scsi_host/host*/scan' % lslot):
|
||||||
# Writing '- - -' to this sysfs file triggers bus rescan
|
# Writing '- - -' to this sysfs file triggers bus rescan
|
||||||
priv_path.writefile(scanpath, 'a', '- - -')
|
nova.privsep.path.writefile(scanpath, 'a', '- - -')
|
||||||
|
|
||||||
# Now see if our device showed up. If so, we can reliably match it based
|
# Now see if our device showed up. If so, we can reliably match it based
|
||||||
# on its Linux ID, which ends with the disk's UDID.
|
# on its Linux ID, which ends with the disk's UDID.
|
||||||
|
@ -150,7 +150,7 @@ def remove_block_dev(devpath, scan_timeout=10):
|
||||||
"partition via special file %(delpath)s.",
|
"partition via special file %(delpath)s.",
|
||||||
{'devpath': devpath, 'delpath': delpath})
|
{'devpath': devpath, 'delpath': delpath})
|
||||||
# Writing '1' to this sysfs file deletes the block device and rescans.
|
# Writing '1' to this sysfs file deletes the block device and rescans.
|
||||||
priv_path.writefile(delpath, 'a', '1')
|
nova.privsep.path.writefile(delpath, 'a', '1')
|
||||||
|
|
||||||
# The bus scan is asynchronous. Need to poll, waiting for the device to
|
# The bus scan is asynchronous. Need to poll, waiting for the device to
|
||||||
# disappear. Stop when stat raises OSError (dev file not found) - which is
|
# disappear. Stop when stat raises OSError (dev file not found) - which is
|
||||||
|
|
Loading…
Reference in New Issue