Change name and document the bind_mount config paths

The content in these can be a file or a directory - so _dirs is
confusing. Change it to _paths and document it.

Change-Id: Ida38766cd3d440d75a6dc55035a54e0804e03760
This commit is contained in:
Monty Taylor 2017-07-28 16:01:20 -05:00
parent b41a5d9e8f
commit 01380dd885
No known key found for this signature in database
GPG Key ID: 7BAE94BC7141A594
6 changed files with 42 additions and 22 deletions

View File

@ -361,6 +361,26 @@ executor
disk_limit_per_job=100 disk_limit_per_job=100
**trusted_ro_paths**
List of paths, separated by ':' to read-only bind mount into trusted
bubblewrap contexts.
**trusted_rw_paths**
List of paths, separated by ':' to read-write bind mount into trusted
bubblewrap contexts.
**untrusted_ro_paths**
List of paths, separated by ':' to read-only bind mount into untrusted
bubblewrap contexts.
**untrusted_rw_paths**
List of paths, separated by ':' to read-write bind mount into untrusted
bubblewrap contexts.
merger merger
"""""" """"""

View File

@ -27,8 +27,8 @@ zuul_url=http://zuul.example.com/p
[executor] [executor]
default_username=zuul default_username=zuul
trusted_ro_dirs=/opt/zuul-scripts:/var/cache trusted_ro_paths=/opt/zuul-scripts:/var/cache
trusted_rw_dirs=/opt/zuul-logs trusted_rw_paths=/opt/zuul-logs
[web] [web]
listen_address=127.0.0.1 listen_address=127.0.0.1

View File

@ -2080,7 +2080,7 @@ class ZuulTestCase(BaseTestCase):
self.copyDirToRepo(project, self.copyDirToRepo(project,
os.path.join(git_path, reponame)) os.path.join(git_path, reponame))
# Make test_root persist after ansible run for .flag test # Make test_root persist after ansible run for .flag test
self.config.set('executor', 'trusted_rw_dirs', self.test_root) self.config.set('executor', 'trusted_rw_paths', self.test_root)
self.setupAllProjectKeys() self.setupAllProjectKeys()
def setupSimpleLayout(self): def setupSimpleLayout(self):

View File

@ -272,11 +272,11 @@ class WrapperInterface(object, metaclass=abc.ABCMeta):
pass pass
@abc.abstractmethod @abc.abstractmethod
def setMountsMap(self, state_dir, ro_dirs=[], rw_dirs=[]): def setMountsMap(self, state_dir, ro_paths=None, rw_paths=None):
"""Add additional mount point to the execution environment. """Add additional mount point to the execution environment.
:arg str state_dir: the state directory to be read write :arg str state_dir: the state directory to be read write
:arg list ro_dirs: read only directories paths :arg list ro_paths: read only files or directories to bind mount
:arg list rw_dirs: read write directories paths :arg list rw_paths: read write files or directories to bind mount
""" """
pass pass

View File

@ -83,12 +83,12 @@ class BubblewrapDriver(Driver, WrapperInterface):
def stop(self): def stop(self):
pass pass
def setMountsMap(self, ro_dirs=None, rw_dirs=None): def setMountsMap(self, ro_paths=None, rw_paths=None):
if not ro_dirs: if not ro_paths:
ro_dirs = [] ro_paths = []
if not rw_dirs: if not rw_paths:
rw_dirs = [] rw_paths = []
self.mounts_map = {'ro': ro_dirs, 'rw': rw_dirs} self.mounts_map = {'ro': ro_paths, 'rw': rw_paths}
def getPopen(self, **kwargs): def getPopen(self, **kwargs):
# Set zuul_dir if it was not passed in # Set zuul_dir if it was not passed in

View File

@ -1467,20 +1467,20 @@ class AnsibleJob(object):
opt_prefix = 'trusted' opt_prefix = 'trusted'
else: else:
opt_prefix = 'untrusted' opt_prefix = 'untrusted'
ro_dirs = get_default(self.executor_server.config, 'executor', ro_paths = get_default(self.executor_server.config, 'executor',
'%s_ro_dirs' % opt_prefix) '%s_ro_paths' % opt_prefix)
rw_dirs = get_default(self.executor_server.config, 'executor', rw_paths = get_default(self.executor_server.config, 'executor',
'%s_rw_dirs' % opt_prefix) '%s_rw_paths' % opt_prefix)
ro_dirs = ro_dirs.split(":") if ro_dirs else [] ro_paths = ro_paths.split(":") if ro_paths else []
rw_dirs = rw_dirs.split(":") if rw_dirs else [] rw_paths = rw_paths.split(":") if rw_paths else []
ro_dirs.append(self.executor_server.ansible_dir) ro_paths.append(self.executor_server.ansible_dir)
if self.executor_variables_file: if self.executor_variables_file:
ro_dirs.append(self.executor_variables_file) ro_paths.append(self.executor_variables_file)
self.executor_server.execution_wrapper.setMountsMap(ro_dirs, self.executor_server.execution_wrapper.setMountsMap(ro_paths,
rw_dirs) rw_paths)
popen = self.executor_server.execution_wrapper.getPopen( popen = self.executor_server.execution_wrapper.getPopen(
work_dir=self.jobdir.root, work_dir=self.jobdir.root,