From d0797c21d52fc509c2e5fdd782bcac5bc83f69e0 Mon Sep 17 00:00:00 2001 From: Michael Still Date: Tue, 4 Dec 2018 10:42:08 +1100 Subject: [PATCH] Move interface disabling to privsep. Change-Id: I23c16075e0f88c7b1a50091650891e3efeb4d16e --- nova/network/linux_net.py | 2 +- nova/privsep/linux_net.py | 5 +++++ nova/tests/unit/network/test_linux_net.py | 12 +++++------- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py index d220df647d33..45ca30e6f0d6 100644 --- a/nova/network/linux_net.py +++ b/nova/network/linux_net.py @@ -1248,7 +1248,7 @@ def delete_bridge_dev(dev): """Delete a network bridge.""" if nova.privsep.linux_net.device_exists(dev): try: - utils.execute('ip', 'link', 'set', dev, 'down', run_as_root=True) + nova.privsep.linux_net.set_device_disabled(dev) nova.privsep.linux_net.delete_bridge(dev) except processutils.ProcessExecutionError: with excutils.save_and_reraise_exception(): diff --git a/nova/privsep/linux_net.py b/nova/privsep/linux_net.py index 32b8686447f2..0579a8e3ec6a 100644 --- a/nova/privsep/linux_net.py +++ b/nova/privsep/linux_net.py @@ -91,6 +91,11 @@ def set_device_enabled(dev): check_exit_code=[0, 2, 254]) +@nova.privsep.sys_admin_pctxt.entrypoint +def set_device_disabled(dev): + processutils.execute('ip', 'link', 'set', dev, 'down') + + @nova.privsep.sys_admin_pctxt.entrypoint def set_device_macaddr(dev, mac_addr, port_state=None): if port_state: diff --git a/nova/tests/unit/network/test_linux_net.py b/nova/tests/unit/network/test_linux_net.py index 9cf534d3dcfc..e53e5dee46e5 100644 --- a/nova/tests/unit/network/test_linux_net.py +++ b/nova/tests/unit/network/test_linux_net.py @@ -1270,17 +1270,15 @@ class LinuxNetworkTestCase(test.NoDBTestCase): self.assertEqual(2, len(executes)) @mock.patch('os.path.exists', return_value=True) - @mock.patch('nova.utils.execute') + @mock.patch('nova.privsep.linux_net.set_device_disabled') @mock.patch('nova.privsep.linux_net.delete_bridge') - def test_remove_bridge(self, mock_delete, mock_execute, mock_exists): + def test_remove_bridge(self, mock_delete, mock_disabled, mock_exists): linux_net.LinuxBridgeInterfaceDriver.remove_bridge('fake-bridge') self.assertIn(mock.call('/sys/class/net/fake-bridge'), mock_exists.mock_calls) - self.assertEqual([mock.call('ip', 'link', 'set', 'fake-bridge', - 'down', run_as_root=True)], - mock_execute.mock_calls) - self.assertEqual([mock.call('fake-bridge')], mock_delete.mock_calls) + mock_disabled.assert_called_once_with('fake-bridge') + mock_delete.assert_called_once_with('fake-bridge') @mock.patch.object(linux_net, '_execute') @mock.patch('nova.privsep.linux_net.device_exists', return_value=False) @@ -1317,7 +1315,7 @@ class LinuxNetworkTestCase(test.NoDBTestCase): mock_set_device_mtu.assert_called_once_with('vlan1', None) @mock.patch('os.path.exists', return_value=True) - @mock.patch('nova.utils.execute', + @mock.patch('nova.privsep.linux_net.set_device_disabled', side_effect=processutils.ProcessExecutionError()) def test_remove_bridge_negative(self, mock_execute, mock_exists): self.assertRaises(processutils.ProcessExecutionError,