Move the dac_admin privsep code to a new location.

Having utilities named after the context they use, when that context no
longer exists, is going to be super confusing later. Move these to
a better place.

Change-Id: Id203aa6c02c3b486f63151b3607e928990a6ca7b
blueprint: hurrah-for-privsep
Michael Still 2017-09-18 23:14:11 +10:00
parent 5cae1d64bc
commit 8ea68a5ebe
12 changed files with 58 additions and 58 deletions


@ -145,7 +145,7 @@ class GenericUtilsTestCase(test.NoDBTestCase):
self.assertTrue([c for c in password
if c in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'])
@mock.patch('nova.privsep.dac_admin.chown')
@mock.patch('nova.privsep.path.chown')
def test_temporary_chown(self, mock_chown):
with tempfile.NamedTemporaryFile() as f:
with utils.temporary_chown(f.name, owner_uid=2):


@ -37,7 +37,7 @@ class VirtDiskVFSLocalFSTestPaths(test.NoDBTestCase):
# NOTE(mikal): mocking a decorator is non-trivial, so this is the
# best we can do.
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.path, 'readlink')
def test_check_safe_path(self, read_link):
vfs = vfsimpl.VFSLocalFS(self.rawfile)
vfs.imgdir = '/foo'
@ -47,7 +47,7 @@ class VirtDiskVFSLocalFSTestPaths(test.NoDBTestCase):
ret = vfs._canonical_path('etc/something.conf')
self.assertEqual(ret, '/foo/etc/something.conf')
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.path, 'readlink')
def test_check_unsafe_path(self, read_link):
vfs = vfsimpl.VFSLocalFS(self.rawfile)
vfs.imgdir = '/foo'
@ -68,8 +68,8 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
self.rawfile = imgmodel.LocalFileImage('/dummy.img',
imgmodel.FORMAT_RAW)
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.dac_admin, 'makedirs')
@mock.patch.object(nova.privsep.path, 'readlink')
@mock.patch.object(nova.privsep.path, 'makedirs')
def test_makepath(self, mkdir, read_link):
vfs = vfsimpl.VFSLocalFS(self.qcowfile)
vfs.imgdir = '/scratch/dir'
@ -84,8 +84,8 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
read_link.assert_called()
mkdir.assert_called_with(read_link.return_value)
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.dac_admin, 'writefile')
@mock.patch.object(nova.privsep.path, 'readlink')
@mock.patch.object(nova.privsep.path, 'writefile')
def test_append_file(self, write_file, read_link):
vfs = vfsimpl.VFSLocalFS(self.qcowfile)
vfs.imgdir = '/scratch/dir'
@ -95,8 +95,8 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
read_link.assert_called()
write_file.assert_called_with(read_link.return_value, 'a', ' Goodbye')
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.dac_admin, 'writefile')
@mock.patch.object(nova.privsep.path, 'readlink')
@mock.patch.object(nova.privsep.path, 'writefile')
def test_replace_file(self, write_file, read_link):
vfs = vfsimpl.VFSLocalFS(self.qcowfile)
vfs.imgdir = '/scratch/dir'
@ -106,8 +106,8 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
read_link.assert_called()
write_file.assert_called_with(read_link.return_value, 'w', 'Goodbye')
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.dac_admin, 'readfile')
@mock.patch.object(nova.privsep.path, 'readlink')
@mock.patch.object(nova.privsep.path, 'readfile')
def test_read_file(self, read_file, read_link):
vfs = vfsimpl.VFSLocalFS(self.qcowfile)
vfs.imgdir = '/scratch/dir'
@ -116,15 +116,15 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
read_link.assert_called()
read_file.assert_called()
@mock.patch.object(nova.privsep.dac_admin.path, 'exists')
@mock.patch.object(nova.privsep.path.path, 'exists')
def test_has_file(self, exists):
vfs = vfsimpl.VFSLocalFS(self.qcowfile)
vfs.imgdir = '/scratch/dir'
has = vfs.has_file('/some/file')
self.assertEqual(exists.return_value, has)
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.dac_admin, 'chmod')
@mock.patch.object(nova.privsep.path, 'readlink')
@mock.patch.object(nova.privsep.path, 'chmod')
def test_set_permissions(self, chmod, read_link):
vfs = vfsimpl.VFSLocalFS(self.qcowfile)
vfs.imgdir = '/scratch/dir'
@ -133,8 +133,8 @@ class VirtDiskVFSLocalFSTest(test.NoDBTestCase):
read_link.assert_called()
chmod.assert_called_with(read_link.return_value, 0o777)
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.dac_admin, 'chown')
@mock.patch.object(nova.privsep.path, 'readlink')
@mock.patch.object(nova.privsep.path, 'chown')
@mock.patch.object(pwd, 'getpwnam')
@mock.patch.object(grp, 'getgrnam')
def test_set_ownership(self, getgrnam, getpwnam, chown, read_link):


@ -9690,7 +9690,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
self.context, instance,
"/fake/instance/dir", disk_info)
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_create_images_and_backing_images_not_exist_fallback(self,
mock_utime):
conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
@ -9772,7 +9772,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
'/fake/instance/dir', disk_info)
self.assertFalse(mock_fetch_image.called)
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_create_images_and_backing_ephemeral_gets_created(self,
mock_utime):
drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
@ -11168,7 +11168,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
'myVol', '/dev/something',
run_as_root=True)
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_create_ephemeral_specified_fs_not_valid(self, mock_utime):
CONF.set_override('default_ephemeral_format', 'ext4')
ephemerals = [{'device_type': 'disk',
@ -11382,7 +11382,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
@mock.patch('os.path.exists', return_value=True)
@mock.patch('nova.privsep.libvirt.last_bytes',
return_value=(b'67890', 0))
@mock.patch('nova.privsep.dac_admin.writefile')
@mock.patch('nova.privsep.path.writefile')
def test_get_console_output_pty(self, mocked_writefile, mocked_last_bytes,
mocked_path_exists):
with utils.tempdir() as tmpdir:
@ -15113,7 +15113,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
mock.sentinel.new_connection_info, 'vdb', instance)
@mock.patch('nova.virt.libvirt.guest.BlockDevice.is_job_complete')
@mock.patch('nova.privsep.dac_admin.chown')
@mock.patch('nova.privsep.path.chown')
def _test_live_snapshot(self, mock_chown, mock_is_job_complete,
can_quiesce=False, require_quiesce=False):
drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI())


@ -341,7 +341,7 @@ class FlatTestCase(_ImageTestCase, test.NoDBTestCase):
@mock.patch.object(imagebackend.disk, 'extend')
@mock.patch.object(fake_libvirt_utils, 'copy_image')
@mock.patch.object(imagebackend.utils, 'synchronized')
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_create_image(self, mock_utime, mock_sync, mock_copy, mock_extend):
mock_sync.side_effect = lambda *a, **kw: self._fake_deco
fn = mock.MagicMock()
@ -374,7 +374,7 @@ class FlatTestCase(_ImageTestCase, test.NoDBTestCase):
@mock.patch.object(imagebackend.utils, 'synchronized')
@mock.patch.object(images, 'qemu_img_info',
return_value=imageutils.QemuImgInfo())
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_create_image_extend(self, mock_utime, mock_qemu, mock_sync,
mock_copy, mock_extend):
mock_sync.side_effect = lambda *a, **kw: self._fake_deco
@ -502,7 +502,7 @@ class Qcow2TestCase(_ImageTestCase, test.NoDBTestCase):
@mock.patch.object(imagebackend.utils, 'synchronized')
@mock.patch.object(fake_libvirt_utils, 'create_cow_image')
@mock.patch.object(imagebackend.disk, 'extend')
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_create_image(self, mock_utime, mock_extend, mock_create,
mock_sync):
mock_sync.side_effect = lambda *a, **kw: self._fake_deco
@ -522,7 +522,7 @@ class Qcow2TestCase(_ImageTestCase, test.NoDBTestCase):
@mock.patch.object(imagebackend.disk, 'extend')
@mock.patch.object(os.path, 'exists', side_effect=[])
@mock.patch.object(imagebackend.Image, 'verify_base_size')
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_create_image_with_size(self, mock_utime, mock_verify, mock_exist,
mock_extend, mock_create, mock_sync):
mock_sync.side_effect = lambda *a, **kw: self._fake_deco
@ -552,7 +552,7 @@ class Qcow2TestCase(_ImageTestCase, test.NoDBTestCase):
@mock.patch.object(imagebackend.disk, 'extend')
@mock.patch.object(os.path, 'exists', side_effect=[])
@mock.patch.object(imagebackend.Qcow2, 'get_disk_size')
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_create_image_too_small(self, mock_utime, mock_get, mock_exist,
mock_extend, mock_create, mock_sync):
mock_sync.side_effect = lambda *a, **kw: self._fake_deco
@ -579,7 +579,7 @@ class Qcow2TestCase(_ImageTestCase, test.NoDBTestCase):
@mock.patch.object(os.path, 'exists', side_effect=[])
@mock.patch.object(imagebackend.Image, 'verify_base_size')
@mock.patch.object(fake_libvirt_utils, 'copy_image')
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_generate_resized_backing_files(self, mock_utime, mock_copy,
mock_verify, mock_exist,
mock_extend, mock_get,
@ -617,7 +617,7 @@ class Qcow2TestCase(_ImageTestCase, test.NoDBTestCase):
@mock.patch.object(imagebackend.disk, 'extend')
@mock.patch.object(os.path, 'exists', side_effect=[])
@mock.patch.object(imagebackend.Image, 'verify_base_size')
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_qcow2_exists_and_has_no_backing_file(self, mock_utime,
mock_verify, mock_exist,
mock_extend, mock_get,


@ -429,7 +429,7 @@ class ImageCacheManagerTestCase(test.NoDBTestCase):
self.assertNotEqual(stream.getvalue().find('Failed to remove'),
-1)
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_mark_in_use(self, mock_utime):
img = '123'
@ -443,7 +443,7 @@ class ImageCacheManagerTestCase(test.NoDBTestCase):
self.assertEqual(image_cache_manager.unexplained_images, [])
self.assertEqual(image_cache_manager.removable_base_files, [])
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
@mock.patch.object(lockutils, 'external_lock')
def test_verify_base_images(self, mock_lock, mock_utime):
hashed_1 = '356a192b7913b04c54574d18c28d46e6395428ab'
@ -681,7 +681,7 @@ class ImageCacheManagerTestCase(test.NoDBTestCase):
@mock.patch('os.path.exists')
@mock.patch('os.path.getmtime')
@mock.patch('os.remove')
@mock.patch('nova.privsep.dac_admin.utime')
@mock.patch('nova.privsep.path.utime')
def test_age_and_verify_swap_images(self, mock_utime, mock_remove,
mock_getmtime, mock_exist, mock_lock):
base_dir = '/tmp_age_test'


@ -948,11 +948,11 @@ class XenAPIVMTestCase(stubs.XenAPITestBase,
@testtools.skipIf(test_utils.is_osx(),
'IPv6 pretty-printing broken on OSX, see bug 1409135')
@mock.patch.object(nova.privsep.dac_admin, 'readlink')
@mock.patch.object(nova.privsep.dac_admin, 'writefile')
@mock.patch.object(nova.privsep.dac_admin, 'makedirs')
@mock.patch.object(nova.privsep.dac_admin, 'chown')
@mock.patch.object(nova.privsep.dac_admin, 'chmod')
@mock.patch.object(nova.privsep.path, 'readlink')
@mock.patch.object(nova.privsep.path, 'writefile')
@mock.patch.object(nova.privsep.path, 'makedirs')
@mock.patch.object(nova.privsep.path, 'chown')
@mock.patch.object(nova.privsep.path, 'chmod')
def test_spawn_netinject_file(self, chmod, chown, mkdir, write_file,
read_link):
self.flags(flat_injected=True)


@ -653,12 +653,12 @@ def temporary_chown(path, owner_uid=None):
orig_uid = os.stat(path).st_uid
if orig_uid != owner_uid:
nova.privsep.dac_admin.chown(path, uid=owner_uid)
nova.privsep.path.chown(path, uid=owner_uid)
try:
yield
finally:
if orig_uid != owner_uid:
nova.privsep.dac_admin.chown(path, uid=orig_uid)
nova.privsep.path.chown(path, uid=orig_uid)
@contextlib.contextmanager
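Review bot: In `temporary_chown`, the ownership check (`os.stat(path).st_uid`) and both privileged `nova.privsep.path.chown(path, ...)` calls address the file by name, so the object that gets chowned, and chowned back in the `finally`, is not guaranteed to be the one that was stat'ed if anything else can rename or replace `path` in between. Whether that matters depends on who can write to the containing directory and on whether the privileged helper follows symlinks, neither of which this hunk shows. I would at least record the precondition next to the first call, e.g. `# NOTE: path must live in a directory only nova can modify; this chown is by name and runs privileged`. The function's signature and the decorator on the last line belong to definitions that start or continue outside the hunk.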


@ -23,7 +23,7 @@ from oslo_utils import excutils
from nova import exception
from nova.i18n import _
import nova.privsep.dac_admin
import nova.privsep.path
from nova import utils
from nova.virt.disk.mount import api as mount_api
from nova.virt.disk.vfs import api as vfs
@ -41,7 +41,7 @@ class VFSLocalFS(vfs.VFS):
path with '..' in it will hit this safeguard.
"""
def _canonical_path(self, path):
canonpath = nova.privsep.dac_admin.readlink(path)
canonpath = nova.privsep.path.readlink(path)
if not canonpath.startswith(os.path.realpath(self.imgdir) + '/'):
raise exception.Invalid(_('File path %s not valid') % path)
return canonpath
@ -100,32 +100,32 @@ class VFSLocalFS(vfs.VFS):
def make_path(self, path):
LOG.debug("Make directory path=%s", path)
nova.privsep.dac_admin.makedirs(self._canonical_path(path))
nova.privsep.path.makedirs(self._canonical_path(path))
def append_file(self, path, content):
LOG.debug("Append file path=%s", path)
return nova.privsep.dac_admin.writefile(
return nova.privsep.path.writefile(
self._canonical_path(path), 'a', content)
def replace_file(self, path, content):
LOG.debug("Replace file path=%s", path)
return nova.privsep.dac_admin.writefile(
return nova.privsep.path.writefile(
self._canonical_path(path), 'w', content)
def read_file(self, path):
LOG.debug("Read file path=%s", path)
return nova.privsep.dac_admin.readfile(self._canonical_path(path))
return nova.privsep.path.readfile(self._canonical_path(path))
def has_file(self, path):
# NOTE(mikal): it is deliberate that we don't generate a canonical
# path here, as that tests for existance and would raise an exception.
LOG.debug("Has file path=%s", path)
return nova.privsep.dac_admin.path.exists(path)
return nova.privsep.path.path.exists(path)
def set_permissions(self, path, mode):
LOG.debug("Set permissions path=%(path)s mode=%(mode)o",
{'path': path, 'mode': mode})
nova.privsep.dac_admin.chmod(self._canonical_path(path), mode)
nova.privsep.path.chmod(self._canonical_path(path), mode)
def set_ownership(self, path, user, group):
LOG.debug("Set permissions path=%(path)s "
@ -138,7 +138,7 @@ class VFSLocalFS(vfs.VFS):
chown_kwargs['uid'] = pwd.getpwnam(user).pw_uid
if group:
chown_kwargs['gid'] = grp.getgrnam(group).gr_gid
nova.privsep.dac_admin.chown(canonpath, **chown_kwargs)
nova.privsep.path.chown(canonpath, **chown_kwargs)
def get_image_fs(self):
if self.mount.device or self.mount.get_dev():
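Review bot: `has_file` hands the caller's `path` to the privileged `nova.privsep.path.path.exists()` unchanged, while the other methods shown in this section route it through `_canonical_path()` and its `self.imgdir` prefix check first. The NOTE explains why canonicalisation is skipped, but as written the existence test is not confined to the image root, so it can answer for any path on the host unless callers already join and validate it (not visible here). Consider a containment check that does not require the file to exist, or state the expectation in the comment, e.g. `# NOTE: path is NOT confined to self.imgdir here; callers must pass a path inside the image root`. `test_has_file` in the test section could also assert the argument passed to `exists`, since it currently compares only the return value.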


@ -82,8 +82,8 @@ from nova.objects import fields
from nova.objects import migrate_data as migrate_data_obj
from nova.pci import manager as pci_manager
from nova.pci import utils as pci_utils
from nova.privsep import dac_admin
import nova.privsep.libvirt
import nova.privsep.path
from nova import utils
from nova import version
from nova.virt import block_device as driver_block_device
@ -1908,7 +1908,7 @@ class LibvirtDriver(driver.ComputeDriver):
time.sleep(0.5)
dev.abort_job()
dac_admin.chown(disk_delta, uid=os.getuid())
nova.privsep.path.chown(disk_delta, uid=os.getuid())
finally:
self._host.write_instance_config(xml)
if quiesced:
@ -2899,7 +2899,7 @@ class LibvirtDriver(driver.ComputeDriver):
# flush of that pty device into the "console.log" file to ensure
# that a series of "get_console_output" calls return the complete
# content even after rebooting a guest.
dac_admin.writefile(console_log, 'a+', data)
nova.privsep.path.writefile(console_log, 'a+', data)
return self._get_console_output_file(instance, console_log)
def get_host_ip_addr(self):
@ -3216,7 +3216,7 @@ class LibvirtDriver(driver.ComputeDriver):
# PONDERING(mikal): can I assume that root is UID zero in every
# OS? Probably not.
uid = pwd.getpwnam('root').pw_uid
dac_admin.chown(image('disk').path, uid=uid)
nova.privsep.path.chown(image('disk').path, uid=uid)
self._create_and_inject_local_root(context, instance,
booted_from_volume, suffix,


@ -33,7 +33,7 @@ import nova.conf
from nova import exception
from nova.i18n import _
from nova import image
from nova.privsep import dac_admin
import nova.privsep.path
from nova import utils
from nova.virt.disk import api as disk
from nova.virt.image import model as imgmodel
@ -541,7 +541,7 @@ class Flat(Image):
# NOTE(mikal): Update the mtime of the base file so the image
# cache manager knows it is in use.
dac_admin.utime(base)
nova.privsep.path.utime(base)
self.verify_base_size(base, size)
if not os.path.exists(self.path):
with fileutils.remove_path_on_error(self.path):
@ -597,7 +597,7 @@ class Qcow2(Image):
# NOTE(ankit): Update the mtime of the base file so the image
# cache manager knows it is in use.
dac_admin.utime(base)
nova.privsep.path.utime(base)
self.verify_base_size(base, size)
legacy_backing_size = None
@ -1091,7 +1091,7 @@ class Ploop(Image):
prepare_template(target=base, *args, **kwargs)
else:
# Disk already exists in cache, just update time
dac_admin.utime(base)
nova.privsep.path.utime(base)
self.verify_base_size(base, size)
if os.path.exists(self.path):


@ -32,7 +32,7 @@ from oslo_utils import encodeutils
import six
import nova.conf
from nova.privsep import dac_admin
import nova.privsep.path
from nova import utils
from nova.virt import imagecache
from nova.virt.libvirt import utils as libvirt_utils
@ -327,7 +327,7 @@ class ImageCacheManager(imagecache.ImageCacheManager):
LOG.debug('image %(id)s at (%(base_file)s): image is in use',
{'id': img_id, 'base_file': base_file})
dac_admin.utime(base_file)
nova.privsep.path.utime(base_file)
def _age_and_verify_swap_images(self, context, base_dir):
LOG.debug('Verify swap images')
@ -335,7 +335,7 @@ class ImageCacheManager(imagecache.ImageCacheManager):
for ent in self.back_swap_images:
base_file = os.path.join(base_dir, ent)
if ent in self.used_swap_images and os.path.exists(base_file):
dac_admin.utime(base_file)
nova.privsep.path.utime(base_file)
elif self.remove_unused_base_images:
self._remove_swap_file(base_file)