Secure root password on restore from backup after root-enable

On the restore of an instance that has root enabled on it, we need to ensure that we are correctly securing the root password so that the password is not empty. Fixes bug: 1211557 Change-Id: I6386b9e0573a39a6667504666556b918927abf76
2013-08-12 16:49:38 -07:00 · 2013-08-12 16:49:38 -07:00 · f5f93e3c80
parent 885d4b6dda
commit f5f93e3c80
4 changed files with 9 additions and 10 deletions
--- a/trove/guestagent/manager/mysql.py
+++ b/trove/guestagent/manager/mysql.py
@ -114,10 +114,10 @@ class Manager(periodic_task.PeriodicTasks):
            self._perform_restore(backup_id, context, CONF.mount_point, app)
        LOG.info(_("Securing mysql now."))
        app.secure(config_location, config_contents)
-        if backup_id and MySqlAdmin().is_root_enabled():
+        enable_root_on_restore = (backup_id and MySqlAdmin().is_root_enabled())
+        if enable_root_on_restore:
            MySqlAdmin().report_root_enabled(context)
-        else:
-            app.secure_root()
+        app.secure_root(secure_remote_root=not enable_root_on_restore)
        app.complete_install_or_restart()

        if databases:
--- a/trove/guestagent/manager/mysql_service.py
+++ b/trove/guestagent/manager/mysql_service.py
@ -666,13 +666,14 @@ class MySqlApp(object):

        LOG.info(_("Dbaas secure complete."))

-    def secure_root(self):
+    def secure_root(self, secure_remote_root=True):
        engine = sqlalchemy.create_engine("mysql://root:@localhost:3306",
                                          echo=True)
        with LocalSqlClient(engine) as client:
            LOG.info(_("Preserving root access from restore"))
            self._generate_root_password(client)
-            self._remove_remote_root_access(client)
+            if secure_remote_root:
+                self._remove_remote_root_access(client)

    def _install_mysql(self):
        """Install mysql server. The current version is 5.5"""
--- a/trove/guestagent/strategies/restore/base.py
+++ b/trove/guestagent/strategies/restore/base.py
@ -33,8 +33,7 @@ BACKUP_DECRYPT_KEY = CONF.backup_aes_cbc_key
 RESET_ROOT_RETRY_TIMEOUT = 100
 RESET_ROOT_SLEEP_INTERVAL = 10
 RESET_ROOT_MYSQL_COMMAND = """
-UPDATE mysql.user SET Password=PASSWORD('') WHERE User='root';
-FLUSH PRIVILEGES;
+SET PASSWORD FOR 'root'@'localhost'=PASSWORD('');
 """


--- a/trove/tests/unittests/guestagent/test_manager.py
+++ b/trove/tests/unittests/guestagent/test_manager.py
@ -156,7 +156,7 @@ class GuestAgentManagerTest(testtools.TestCase):
        when(dbaas.MySqlApp).install_if_needed().thenReturn(None)
        when(backup).restore(self.context, backup_id).thenReturn(None)
        when(dbaas.MySqlApp).secure(any()).thenReturn(None)
-        when(dbaas.MySqlApp).secure_root().thenReturn(None)
+        when(dbaas.MySqlApp).secure_root(any()).thenReturn(None)
        when(dbaas.MySqlApp).is_installed().thenReturn(is_mysql_installed)
        when(dbaas.MySqlAdmin).is_root_enabled().thenReturn(is_root_enabled)
        when(dbaas.MySqlAdmin).create_user().thenReturn(None)
@ -186,7 +186,6 @@ class GuestAgentManagerTest(testtools.TestCase):
        verify(dbaas.MySqlAdmin, never).create_database()
        verify(dbaas.MySqlAdmin, never).create_user()
        times_report = 1 if is_root_enabled else 0
-        times_reset_root = 1 if not backup_id or not is_root_enabled else 0
-        verify(dbaas.MySqlApp, times=times_reset_root).secure_root()
+        verify(dbaas.MySqlApp).secure_root(secure_remote_root=any())
        verify(dbaas.MySqlAdmin, times=times_report).report_root_enabled(
            self.context)