Cleanups for rootwrap module
Imports cleanup (to follow HACKING conventions) and rename of a test function for naming consistency. Change-Id: I57742ecb35e078cf72e4edb42dfe79ea40348997
parent
c233b8eaaf
commit
e3451ac309
@ -16,50 +16,50 @@
|
||||
# under the License.
|
||||
|
||||
|
||||
from nova.rootwrap.filters import CommandFilter, DnsmasqFilter
|
||||
from nova.rootwrap import filters
|
||||
|
||||
filters = [
|
||||
filterlist = [
|
||||
# nova/virt/disk/mount.py: 'kpartx', '-a', device
|
||||
# nova/virt/disk/mount.py: 'kpartx', '-d', device
|
||||
CommandFilter("/sbin/kpartx", "root"),
|
||||
filters.CommandFilter("/sbin/kpartx", "root"),
|
||||
|
||||
# nova/virt/disk/mount.py: 'tune2fs', '-c', 0, '-i', 0, mapped_device
|
||||
# nova/virt/xenapi/vm_utils.py: "tune2fs", "-O ^has_journal", part_path
|
||||
# nova/virt/xenapi/vm_utils.py: "tune2fs", "-j", partition_path
|
||||
CommandFilter("/sbin/tune2fs", "root"),
|
||||
filters.CommandFilter("/sbin/tune2fs", "root"),
|
||||
|
||||
# nova/virt/disk/mount.py: 'mount', mapped_device, mount_dir
|
||||
# nova/virt/xenapi/vm_utils.py: 'mount', '-t', 'ext2,ext3,ext4,reiserfs'..
|
||||
CommandFilter("/bin/mount", "root"),
|
||||
filters.CommandFilter("/bin/mount", "root"),
|
||||
|
||||
# nova/virt/disk/mount.py: 'umount', mapped_device
|
||||
# nova/virt/xenapi/vm_utils.py: 'umount', dev_path
|
||||
CommandFilter("/bin/umount", "root"),
|
||||
filters.CommandFilter("/bin/umount", "root"),
|
||||
|
||||
# nova/virt/disk/nbd.py: 'qemu-nbd', '-c', device, image
|
||||
# nova/virt/disk/nbd.py: 'qemu-nbd', '-d', device
|
||||
CommandFilter("/usr/bin/qemu-nbd", "root"),
|
||||
filters.CommandFilter("/usr/bin/qemu-nbd", "root"),
|
||||
|
||||
# nova/virt/disk/loop.py: 'losetup', '--find', '--show', image
|
||||
# nova/virt/disk/loop.py: 'losetup', '--detach', device
|
||||
CommandFilter("/sbin/losetup", "root"),
|
||||
filters.CommandFilter("/sbin/losetup", "root"),
|
||||
|
||||
# nova/virt/disk/guestfs.py: 'guestmount', '--rw', '-a', image, '-i'
|
||||
# nova/virt/disk/guestfs.py: 'guestmount', '--rw', '-a', image, '-m' dev
|
||||
CommandFilter("/usr/bin/guestmount", "root"),
|
||||
filters.CommandFilter("/usr/bin/guestmount", "root"),
|
||||
|
||||
# nova/virt/disk/guestfs.py: 'fusermount', 'u', mount_dir
|
||||
CommandFilter("/bin/fusermount", "root"),
|
||||
CommandFilter("/usr/bin/fusermount", "root"),
|
||||
filters.CommandFilter("/bin/fusermount", "root"),
|
||||
filters.CommandFilter("/usr/bin/fusermount", "root"),
|
||||
|
||||
# nova/virt/disk/api.py: 'tee', metadata_path
|
||||
# nova/virt/disk/api.py: 'tee', '-a', keyfile
|
||||
# nova/virt/disk/api.py: 'tee', netfile
|
||||
CommandFilter("/usr/bin/tee", "root"),
|
||||
filters.CommandFilter("/usr/bin/tee", "root"),
|
||||
|
||||
# nova/virt/disk/api.py: 'mkdir', '-p', sshdir
|
||||
# nova/virt/disk/api.py: 'mkdir', '-p', netdir
|
||||
CommandFilter("/bin/mkdir", "root"),
|
||||
filters.CommandFilter("/bin/mkdir", "root"),
|
||||
|
||||
# nova/virt/disk/api.py: 'chown', 'root', sshdir
|
||||
# nova/virt/disk/api.py: 'chown', 'root:root', netdir
|
||||
@ -67,11 +67,11 @@ filters = [
|
||||
# nova/virt/libvirt/connection.py: 'chown', os.getuid(), console_log
|
||||
# nova/virt/libvirt/connection.py: 'chown', 'root', basepath('disk')
|
||||
# nova/virt/xenapi/vm_utils.py: 'chown', os.getuid(), dev_path
|
||||
CommandFilter("/bin/chown", "root"),
|
||||
filters.CommandFilter("/bin/chown", "root"),
|
||||
|
||||
# nova/virt/disk/api.py: 'chmod', '700', sshdir
|
||||
# nova/virt/disk/api.py: 'chmod', 755, netdir
|
||||
CommandFilter("/bin/chmod", "root"),
|
||||
filters.CommandFilter("/bin/chmod", "root"),
|
||||
|
||||
# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
|
||||
# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
|
||||
@ -92,46 +92,46 @@ filters = [
|
||||
# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
|
||||
# nova/network/linux_net.py: 'ip', 'link', 'set', dev, "address", ..
|
||||
# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
|
||||
CommandFilter("/sbin/ip", "root"),
|
||||
filters.CommandFilter("/sbin/ip", "root"),
|
||||
|
||||
# nova/virt/libvirt/vif.py: 'tunctl', '-b', '-t', dev
|
||||
CommandFilter("/usr/sbin/tunctl", "root"),
|
||||
filters.CommandFilter("/usr/sbin/tunctl", "root"),
|
||||
|
||||
# nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
|
||||
# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
|
||||
# nova/network/linux_net.py: 'ovs-vsctl', ....
|
||||
CommandFilter("/usr/bin/ovs-vsctl", "root"),
|
||||
filters.CommandFilter("/usr/bin/ovs-vsctl", "root"),
|
||||
|
||||
# nova/virt/libvirt/connection.py: 'dd', "if=%s" % virsh_output, ...
|
||||
CommandFilter("/bin/dd", "root"),
|
||||
filters.CommandFilter("/bin/dd", "root"),
|
||||
|
||||
# nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ...
|
||||
CommandFilter("/sbin/iscsiadm", "root"),
|
||||
filters.CommandFilter("/sbin/iscsiadm", "root"),
|
||||
|
||||
# nova/virt/xenapi/vm_utils.py: "parted", "--script", ...
|
||||
# nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*.
|
||||
CommandFilter("/sbin/parted", "root"),
|
||||
filters.CommandFilter("/sbin/parted", "root"),
|
||||
|
||||
# nova/virt/xenapi/vm_utils.py: fdisk %(dev_path)s
|
||||
CommandFilter("/sbin/fdisk", "root"),
|
||||
filters.CommandFilter("/sbin/fdisk", "root"),
|
||||
|
||||
# nova/virt/xenapi/vm_utils.py: "e2fsck", "-f", "-p", partition_path
|
||||
CommandFilter("/sbin/e2fsck", "root"),
|
||||
filters.CommandFilter("/sbin/e2fsck", "root"),
|
||||
|
||||
# nova/virt/xenapi/vm_utils.py: "resize2fs", partition_path
|
||||
CommandFilter("/sbin/resize2fs", "root"),
|
||||
filters.CommandFilter("/sbin/resize2fs", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd,), '-t', ...
|
||||
CommandFilter("/sbin/iptables-save", "root"),
|
||||
CommandFilter("/sbin/ip6tables-save", "root"),
|
||||
filters.CommandFilter("/sbin/iptables-save", "root"),
|
||||
filters.CommandFilter("/sbin/ip6tables-save", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
|
||||
CommandFilter("/sbin/iptables-restore", "root"),
|
||||
CommandFilter("/sbin/ip6tables-restore", "root"),
|
||||
filters.CommandFilter("/sbin/iptables-restore", "root"),
|
||||
filters.CommandFilter("/sbin/ip6tables-restore", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
|
||||
# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
|
||||
CommandFilter("/usr/bin/arping", "root"),
|
||||
filters.CommandFilter("/usr/bin/arping", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'route', '-n'
|
||||
# nova/network/linux_net.py: 'route', 'del', 'default', 'gw'
|
||||
@ -139,26 +139,26 @@ filters = [
|
||||
# nova/network/linux_net.py: 'route', '-n'
|
||||
# nova/network/linux_net.py: 'route', 'del', 'default', 'gw', old_gw, ..
|
||||
# nova/network/linux_net.py: 'route', 'add', 'default', 'gw', old_gateway
|
||||
CommandFilter("/sbin/route", "root"),
|
||||
filters.CommandFilter("/sbin/route", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
|
||||
CommandFilter("/usr/bin/dhcp_release", "root"),
|
||||
filters.CommandFilter("/usr/bin/dhcp_release", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'kill', '-9', pid
|
||||
# nova/network/linux_net.py: 'kill', '-HUP', pid
|
||||
# nova/network/linux_net.py: 'kill', pid
|
||||
CommandFilter("/bin/kill", "root"),
|
||||
filters.CommandFilter("/bin/kill", "root"),
|
||||
|
||||
# nova/network/linux_net.py: dnsmasq call
|
||||
DnsmasqFilter("/usr/sbin/dnsmasq", "root"),
|
||||
filters.DnsmasqFilter("/usr/sbin/dnsmasq", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'),..
|
||||
CommandFilter("/usr/sbin/radvd", "root"),
|
||||
filters.CommandFilter("/usr/sbin/radvd", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'brctl', 'addbr', bridge
|
||||
# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
|
||||
# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
|
||||
# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
|
||||
CommandFilter("/sbin/brctl", "root"),
|
||||
CommandFilter("/usr/sbin/brctl", "root"),
|
||||
filters.CommandFilter("/sbin/brctl", "root"),
|
||||
filters.CommandFilter("/usr/sbin/brctl", "root"),
|
||||
]
|
||||
|
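Review bot: The entries kept here as `filters.CommandFilter(path, "root")` (among them `/bin/chown`, `/bin/chmod`, `/bin/dd`, `/usr/bin/tee`, `/bin/kill` and `/bin/mount`) appear to accept the command with any arguments, so the call sites listed in the comments above each entry are documentation rather than an enforced limit. `test_skips` in the test section of this commit supports that reading: `CommandFilter("/bin/cat", "root")` matches `["cat", "/"]` after the `RegExpFilter` for the same binary declined it. Entries whose callers pass a fixed argument shape could move to the argument-checking filter, e.g. `filters.RegExpFilter("/bin/kill", "root", 'kill', '-9', '\d+'),` plus one entry per other documented form, assuming patterns are matched one per argument as in the test's `'/[a-z]+'`. The same applies to the network and volume lists later in this commit (`/sbin/ip`, `/sbin/route`, `/sbin/iptables-restore`, `/bin/dd`, `/sbin/lvremove`).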
@ -16,9 +16,9 @@
|
||||
# under the License.
|
||||
|
||||
|
||||
from nova.rootwrap.filters import CommandFilter, DnsmasqFilter
|
||||
from nova.rootwrap import filters
|
||||
|
||||
filters = [
|
||||
filterlist = [
|
||||
# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
|
||||
# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
|
||||
# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
|
||||
@ -35,19 +35,19 @@ filters = [
|
||||
# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
|
||||
# nova/network/linux_net.py: 'ip', 'link', 'set', dev, "address", ..
|
||||
# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
|
||||
CommandFilter("/sbin/ip", "root"),
|
||||
filters.CommandFilter("/sbin/ip", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd,), '-t', ...
|
||||
CommandFilter("/sbin/iptables-save", "root"),
|
||||
CommandFilter("/sbin/ip6tables-save", "root"),
|
||||
filters.CommandFilter("/sbin/iptables-save", "root"),
|
||||
filters.CommandFilter("/sbin/ip6tables-save", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
|
||||
CommandFilter("/sbin/iptables-restore", "root"),
|
||||
CommandFilter("/sbin/ip6tables-restore", "root"),
|
||||
filters.CommandFilter("/sbin/iptables-restore", "root"),
|
||||
filters.CommandFilter("/sbin/ip6tables-restore", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
|
||||
# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
|
||||
CommandFilter("/usr/bin/arping", "root"),
|
||||
filters.CommandFilter("/usr/bin/arping", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'route', '-n'
|
||||
# nova/network/linux_net.py: 'route', 'del', 'default', 'gw'
|
||||
@ -55,29 +55,29 @@ filters = [
|
||||
# nova/network/linux_net.py: 'route', '-n'
|
||||
# nova/network/linux_net.py: 'route', 'del', 'default', 'gw', old_gw, ..
|
||||
# nova/network/linux_net.py: 'route', 'add', 'default', 'gw', old_gateway
|
||||
CommandFilter("/sbin/route", "root"),
|
||||
filters.CommandFilter("/sbin/route", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
|
||||
CommandFilter("/usr/bin/dhcp_release", "root"),
|
||||
filters.CommandFilter("/usr/bin/dhcp_release", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'kill', '-9', pid
|
||||
# nova/network/linux_net.py: 'kill', '-HUP', pid
|
||||
# nova/network/linux_net.py: 'kill', pid
|
||||
CommandFilter("/bin/kill", "root"),
|
||||
filters.CommandFilter("/bin/kill", "root"),
|
||||
|
||||
# nova/network/linux_net.py: dnsmasq call
|
||||
DnsmasqFilter("/usr/sbin/dnsmasq", "root"),
|
||||
filters.DnsmasqFilter("/usr/sbin/dnsmasq", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'),..
|
||||
CommandFilter("/usr/sbin/radvd", "root"),
|
||||
filters.CommandFilter("/usr/sbin/radvd", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'brctl', 'addbr', bridge
|
||||
# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
|
||||
# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
|
||||
# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
|
||||
CommandFilter("/sbin/brctl", "root"),
|
||||
CommandFilter("/usr/sbin/brctl", "root"),
|
||||
filters.CommandFilter("/sbin/brctl", "root"),
|
||||
filters.CommandFilter("/usr/sbin/brctl", "root"),
|
||||
|
||||
# nova/network/linux_net.py: 'ovs-vsctl', ....
|
||||
CommandFilter("/usr/bin/ovs-vsctl", "root"),
|
||||
filters.CommandFilter("/usr/bin/ovs-vsctl", "root"),
|
||||
]
|
||||
|
@ -16,32 +16,32 @@
|
||||
# under the License.
|
||||
|
||||
|
||||
from nova.rootwrap.filters import CommandFilter
|
||||
from nova.rootwrap import filters
|
||||
|
||||
filters = [
|
||||
filterlist = [
|
||||
# nova/volume/iscsi.py: iscsi_helper '--op' ...
|
||||
CommandFilter("/usr/sbin/ietadm", "root"),
|
||||
CommandFilter("/usr/sbin/tgtadm", "root"),
|
||||
filters.CommandFilter("/usr/sbin/ietadm", "root"),
|
||||
filters.CommandFilter("/usr/sbin/tgtadm", "root"),
|
||||
|
||||
# nova/volume/driver.py: 'vgs', '--noheadings', '-o', 'name'
|
||||
CommandFilter("/sbin/vgs", "root"),
|
||||
filters.CommandFilter("/sbin/vgs", "root"),
|
||||
|
||||
# nova/volume/driver.py: 'lvcreate', '-L', sizestr, '-n', volume_name,..
|
||||
# nova/volume/driver.py: 'lvcreate', '-L', ...
|
||||
CommandFilter("/sbin/lvcreate", "root"),
|
||||
filters.CommandFilter("/sbin/lvcreate", "root"),
|
||||
|
||||
# nova/volume/driver.py: 'dd', 'if=%s' % srcstr, 'of=%s' % deststr,...
|
||||
CommandFilter("/bin/dd", "root"),
|
||||
filters.CommandFilter("/bin/dd", "root"),
|
||||
|
||||
# nova/volume/driver.py: 'lvremove', '-f', "%s/%s" % ...
|
||||
CommandFilter("/sbin/lvremove", "root"),
|
||||
filters.CommandFilter("/sbin/lvremove", "root"),
|
||||
|
||||
# nova/volume/driver.py: 'lvdisplay', '--noheading', '-C', '-o', 'Attr',..
|
||||
CommandFilter("/sbin/lvdisplay", "root"),
|
||||
filters.CommandFilter("/sbin/lvdisplay", "root"),
|
||||
|
||||
# nova/volume/driver.py: 'iscsiadm', '-m', 'discovery', '-t',...
|
||||
# nova/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ...
|
||||
CommandFilter("/sbin/iscsiadm", "root"),
|
||||
filters.CommandFilter("/sbin/iscsiadm", "root"),
|
||||
|
||||
# nova/volume/driver.py:'/var/lib/zadara/bin/zadara_sncfg', *
|
||||
# sudoers does not allow zadara_sncfg yet
|
||||
|
@ -33,7 +33,7 @@ def load_filters():
|
||||
try:
|
||||
__import__(modulename)
|
||||
module = sys.modules[modulename]
|
||||
filters = filters + module.filters
|
||||
filters = filters + module.filterlist
|
||||
except ImportError:
|
||||
# It's OK to have missing filters, since filter modules are
|
||||
# shipped with specific nodes rather than with python-nova
|
||||
|
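Review bot: `module.filterlist` raises AttributeError for any filter module that still exports the old `filters` name, and the `except ImportError:` below does not catch it, so a stale or out-of-tree module would stop load_filters instead of being skipped, unless something outside the hunk handles it. The failure is on the safe side (no filter gets loaded), but the attribute rename is not mentioned in the commit message and deserves a comment on this line, e.g. `# filter modules must export 'filterlist' (was 'filters')`. The local accumulator is still named `filters`, the name this commit now uses for the `nova.rootwrap.filters` module in the other files; calling it `filterlist` here too would keep the two from colliding if this module ever imports that one. load_filters starts and ends outside the hunk, so the accumulator's initialisation and the return are not visible.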
@ -14,8 +14,8 @@
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from nova.rootwrap.filters import CommandFilter, RegExpFilter, DnsmasqFilter
|
||||
from nova.rootwrap.wrapper import match_filter
|
||||
from nova.rootwrap import filters
|
||||
from nova.rootwrap import wrapper
|
||||
from nova import test
|
||||
|
||||
|
||||
@ -24,11 +24,11 @@ class RootwrapTestCase(test.TestCase):
|
||||
def setUp(self):
|
||||
super(RootwrapTestCase, self).setUp()
|
||||
self.filters = [
|
||||
RegExpFilter("/bin/ls", "root", 'ls', '/[a-z]+'),
|
||||
CommandFilter("/usr/bin/foo_bar_not_exist", "root"),
|
||||
RegExpFilter("/bin/cat", "root", 'cat', '/[a-z]+'),
|
||||
CommandFilter("/nonexistant/cat", "root"),
|
||||
CommandFilter("/bin/cat", "root") # Keep this one last
|
||||
filters.RegExpFilter("/bin/ls", "root", 'ls', '/[a-z]+'),
|
||||
filters.CommandFilter("/usr/bin/foo_bar_not_exist", "root"),
|
||||
filters.RegExpFilter("/bin/cat", "root", 'cat', '/[a-z]+'),
|
||||
filters.CommandFilter("/nonexistant/cat", "root"),
|
||||
filters.CommandFilter("/bin/cat", "root") # Keep this one last
|
||||
]
|
||||
|
||||
def tearDown(self):
|
||||
@ -36,24 +36,24 @@ class RootwrapTestCase(test.TestCase):
|
||||
|
||||
def test_RegExpFilter_match(self):
|
||||
usercmd = ["ls", "/root"]
|
||||
filtermatch = match_filter(self.filters, usercmd)
|
||||
filtermatch = wrapper.match_filter(self.filters, usercmd)
|
||||
self.assertFalse(filtermatch is None)
|
||||
self.assertEqual(filtermatch.get_command(usercmd),
|
||||
["/bin/ls", "/root"])
|
||||
|
||||
def test_RegExpFilter_reject(self):
|
||||
usercmd = ["ls", "root"]
|
||||
filtermatch = match_filter(self.filters, usercmd)
|
||||
filtermatch = wrapper.match_filter(self.filters, usercmd)
|
||||
self.assertTrue(filtermatch is None)
|
||||
|
||||
def test_missing_command(self):
|
||||
usercmd = ["foo_bar_not_exist"]
|
||||
filtermatch = match_filter(self.filters, usercmd)
|
||||
filtermatch = wrapper.match_filter(self.filters, usercmd)
|
||||
self.assertTrue(filtermatch is None)
|
||||
|
||||
def test_dnsmasq_filter(self):
|
||||
def test_DnsmasqFilter(self):
|
||||
usercmd = ['FLAGFILE=A', 'NETWORK_ID="foo bar"', 'dnsmasq', 'foo']
|
||||
f = DnsmasqFilter("/usr/bin/dnsmasq", "root")
|
||||
f = filters.DnsmasqFilter("/usr/bin/dnsmasq", "root")
|
||||
self.assertTrue(f.match(usercmd))
|
||||
self.assertEqual(f.get_command(usercmd),
|
||||
['FLAGFILE=A', 'NETWORK_ID="foo bar"', '/usr/bin/dnsmasq', 'foo'])
|
||||
@ -61,5 +61,5 @@ class RootwrapTestCase(test.TestCase):
|
||||
def test_skips(self):
|
||||
# Check that all filters are skipped and that the last matches
|
||||
usercmd = ["cat", "/"]
|
||||
filtermatch = match_filter(self.filters, usercmd)
|
||||
filtermatch = wrapper.match_filter(self.filters, usercmd)
|
||||
self.assertTrue(filtermatch is self.filters[-1])
|
||||
|
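Review bot: `test_DnsmasqFilter` asserts only the accepting path, so nothing here pins that `DnsmasqFilter` refuses a command line whose executable is not `dnsmasq` after the two `NAME=value` elements. A reject case beside it would cover that, e.g. `self.assertFalse(f.match(['FLAGFILE=A', 'NETWORK_ID="foo bar"', 'ls', 'foo']))`; the expected result is inferred from the accept case and the filter's name, so confirm it against `DnsmasqFilter.match`. The `RegExpFilter` tests already have this accept/reject pairing (`test_RegExpFilter_match` / `test_RegExpFilter_reject`), and the renamed test would then follow the same pattern. The class body continues outside the hunks shown, so an existing negative test elsewhere in the file cannot be ruled out.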