From 26fdf89e67865ba7a6afc2007bdf9f4692da09ec Mon Sep 17 00:00:00 2001
From: Toure Dunnon <toure@redhat.com>
Date: Wed, 4 Oct 2017 16:49:22 -0400
Subject: [PATCH] Fix chown command for tripleo validation.

This change will allow the current changes in the sudoers file to
execute correctly. The fix will match how sudo expects the workflow
call to be performed.

Change-Id: I5b790820bcec207ff7ceff1a23b3ed22858e5a52
---
 sudoers                                        | 1 -
 tripleo_common/tests/utils/test_validations.py | 3 ++-
 tripleo_common/utils/validations.py            | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/sudoers b/sudoers
index db590fd48..0832623ee 100644
--- a/sudoers
+++ b/sudoers
@@ -3,7 +3,6 @@ Defaults:validations !requiretty
 Defaults:mistral !requiretty
 mistral ALL = (validations) NOPASSWD:SETENV: /usr/bin/run-validation
 mistral ALL = NOPASSWD: /usr/bin/chown -h validations\: /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
-        /usr/bin/chown validations\: /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
         !/usr/bin/chown /tmp/validations_identity_* *, !/usr/bin/chown /tmp/validations_identity_*..*
 mistral ALL = NOPASSWD: /usr/bin/rm -f /tmp/validations_identity_[A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_][A-Za-z0-9_], \
         !/usr/bin/rm /tmp/validations_identity_* *, !/usr/bin/rm /tmp/validations_identity_*..*
diff --git a/tripleo_common/tests/utils/test_validations.py b/tripleo_common/tests/utils/test_validations.py
index 9b06bff1e..d8ad2b8b5 100644
--- a/tripleo_common/tests/utils/test_validations.py
+++ b/tripleo_common/tests/utils/test_validations.py
@@ -101,7 +101,8 @@ class ValidationsKeyTest(base.TestCase):
         mock_open_context.assert_called_once_with('fd', 'w')
         mock_open_context().write.assert_called_once_with('private_key')
         mock_execute.assert_called_once_with(
-            '/usr/bin/sudo', '/usr/bin/chown', 'validations:', 'tmp_path')
+            '/usr/bin/sudo', '/usr/bin/chown', '-h', 'validations:',
+            'tmp_path')
 
     @mock.patch("oslo_concurrency.processutils.execute")
     def test_cleanup_identity_file(self, mock_execute):
diff --git a/tripleo_common/utils/validations.py b/tripleo_common/utils/validations.py
index 675d39feb..7c78028e7 100644
--- a/tripleo_common/utils/validations.py
+++ b/tripleo_common/utils/validations.py
@@ -97,8 +97,8 @@ def write_identity_file(key):
     LOG.debug('Writing SSH key to disk at %s', path)
     with os.fdopen(fd, 'w') as tmp:
         tmp.write(key)
-    processutils.execute('/usr/bin/sudo', '/usr/bin/chown', 'validations:',
-                         path)
+    processutils.execute('/usr/bin/sudo', '/usr/bin/chown', '-h',
+                         'validations:', path)
     return path