openstack
/
tripleo-common
Code Issues Proposed changes

Fix chown command for tripleo validation. 

This change will allow the current changes in the sudoers file to
execute correctly. The fix will match how sudo expects the workflow
call to be performed.

Change-Id: I5b790820bcec207ff7ceff1a23b3ed22858e5a52
This commit is contained in:
Toure Dunnon 2017-10-04 16:49:22 -04:00 committed by Dougal Matthews
parent 9f5e38e7d3
commit 26fdf89e67
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sudoers
View File

@ -3,7 +3,6 @@ Defaults:validations !requiretty
Defaults:mistral !requiretty
mistral ALL = (validations) NOPASSWD:SETENV: /usr/bin/run-validation
mistral ALL = NOPASSWD: /usr/bin/chown -h validations\: /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
/usr/bin/chown validations\: /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
!/usr/bin/chown /tmp/validations_identity_* *, !/usr/bin/chown /tmp/validations_identity_*..*
mistral ALL = NOPASSWD: /usr/bin/rm -f /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
!/usr/bin/rm /tmp/validations_identity_* *, !/usr/bin/rm /tmp/validations_identity_*..*

3
tripleo_common/tests/utils/test_validations.py
View File

@ -101,7 +101,8 @@ class ValidationsKeyTest(base.TestCase):
mock_open_context.assert_called_once_with('fd', 'w')
mock_open_context().write.assert_called_once_with('private_key')
mock_execute.assert_called_once_with(
'/usr/bin/sudo', '/usr/bin/chown', 'validations:', 'tmp_path')
'/usr/bin/sudo', '/usr/bin/chown', '-h', 'validations:',
'tmp_path')
@mock.patch("oslo_concurrency.processutils.execute")
def test_cleanup_identity_file(self, mock_execute):

4
tripleo_common/utils/validations.py
View File

@ -97,8 +97,8 @@ def write_identity_file(key):
LOG.debug('Writing SSH key to disk at %s', path)
with os.fdopen(fd, 'w') as tmp:
tmp.write(key)
processutils.execute('/usr/bin/sudo', '/usr/bin/chown', 'validations:',
path)
processutils.execute('/usr/bin/sudo', '/usr/bin/chown', '-h',
'validations:', path)
return path