Disable command run under root user

Running openstack command with python-tripleoclient under root user is not supported and should not be allowed. Added check for user and exit if it is root (EUID=0) to openstack undercloud install command. Each command can be disabled for root by adding utils.ensure_run_as_normal_user() into it's body. Change-Id: I685c639e02790483d1607c7eac038f8b9b8dc99e Closes-Bug: rhbz#1239088
2015-09-09 14:02:32 +02:00 · 2015-09-09 14:02:32 +02:00 · f538e304a5
parent dfa236730a
commit f538e304a5
4 changed files with 30 additions and 0 deletions
--- a/tripleoclient/exceptions.py
+++ b/tripleoclient/exceptions.py
@ -39,3 +39,8 @@ class NotFound(Exception):
 class DeploymentError(Exception):
    """Deployment failed"""
    pass
+
+
+class RootUserExecution(Exception):
+    """Command was executed by a root user"""
+    pass
--- a/tripleoclient/tests/test_utils.py
+++ b/tripleoclient/tests/test_utils.py
@ -413,3 +413,17 @@ class TestCheckNodesCount(TestCase):

        self.assertRaises(ValueError, utils.check_nodes_count,
                          self.baremetal, self.stack, dict(), self.defaults)
+
+
+class TestEnsureRunAsNormalUser(TestCase):
+
+    @mock.patch('os.geteuid')
+    def test_ensure_run_as_normal_user(self, os_geteuid_mock):
+        os_geteuid_mock.return_value = 1000
+        self.assertEqual(utils.ensure_run_as_normal_user(), None)
+
+    @mock.patch('os.geteuid')
+    def test_ensure_run_as_normal_user_root(self, os_geteuid_mock):
+        os_geteuid_mock.return_value = 0
+        self.assertRaises(exceptions.RootUserExecution,
+                          utils.ensure_run_as_normal_user)
--- a/tripleoclient/utils.py
+++ b/tripleoclient/utils.py
@ -518,3 +518,11 @@ def check_nodes_count(baremetal_client, stack, parameters, defaults):
                ironic_nodes_count, count))
    else:
        return True
+
+
+def ensure_run_as_normal_user():
+    """Check if the command runs under normal user (EUID!=0)"""
+    if os.geteuid() == 0:
+        raise exceptions.RootUserExecution(
+            'This command cannot run under root user.'
+            ' Switch to a normal user.')
--- a/tripleoclient/v1/undercloud.py
+++ b/tripleoclient/v1/undercloud.py
@ -19,6 +19,7 @@ import logging
 import subprocess

 from cliff import command
+from tripleoclient import utils


 class InstallPlugin(command.Command):
@ -30,6 +31,8 @@ class InstallPlugin(command.Command):
    def take_action(self, parsed_args):
        self.log.debug("take_action(%s)" % parsed_args)

+        utils.ensure_run_as_normal_user()
+
        subprocess.check_call("instack-install-undercloud")

        return