| Commit message (Collapse) | Author | Age | Files | Lines |
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Ib6e4e7f89a9990cfb42afa209878812340109ecf
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
We are stuck on a very old version of hacking (0.8). In order to move
forward, we need to fix a bunch of things that flake8 will complain about.
Change-Id: If40ac29094b90c5bae63e7423061a190655f50a3
Change-Id: I24e87a1c341f63929f93d7306782e3e9d6b398fb
Partial-Bug: #1475722
Replace assertEqual(None, *) with assertIsNone in tests to have
more clear messages in case of failure.
Change-Id: Ic2dca04e7cdd4f837c42b39dd1ce37604c8f101b
Closes-bug: #1280522
Commands from AWS::CloudFormation::Init, when supplied as list, should
be run with shell=False. Only when commands are given as string, they
are meant to be run on shell.
In principle, we are trying to give least access to the shell to avoid
any inadvertent shell injections.
Change-Id: I3dc6fe0c29a14f75be044846f737e1ade23a6d6b
Closes-Bug: 1498300
Make all internal commands as list to avoid any possibility of command
line injection. Commands supplied as string are susceptible to
substitution.
All the internal commands are supplied as list to CommandRunner. As a
convention, all the commands must be given as list to subprocess except
the commands read from file, like in case of cfn hooks and commands
section in metadata.
A few internal commands require shell redirects and they will be
implemented in another patch.
Change-Id: Ifabaf44e341144bc85508dc05c76b1d83e41ae44
Partial-Bug: #1312246
Control the privileges by setting the effective UID before running the
command. Earlier we used to run command using su -c "USER".
Original EUID is restored after running the command. This is required to
run multiple commands in succession with different run-as users.
Change-Id: I414fc6a802f11deb320b43c6d011f802a42c40c9
Partial-Bug: #1312246
This reverts commit e424af2236ed1d6e6d0e11768f873ffe4e696221.
Splitting command strings that were previously assumed to be interpreted
by the shell at whitespace and then passing them as separate args to
execvp will not work.
Change-Id: I7c37b5852ce9b20e63bdbbaddfb852463548aa90
The CommandRunner used to run commands using su command and passing the
actual command to be run as argument to it.
su USER -c <cmd>
This is susceptible to command line injection as noted in the bug.
The fix required doing two things:
1. Pass the command to be run as a list instead of a string. This is to
   ensure that the actual arguments are passed as arguments to the program
   that ought to be executed. And by doing so, it avoids running any commands
   passed in the argument. On the contrary, if the command were passed as a
   string to the shell, the arguments could be formed in a way to execute
   malicious commands.
2. The CommandRunner runs the command directly and uses setuid to lower
   the privileges if needed. If the 'runas' user is other than root, then
   its UID is obtained and setuid is invoked to set the real user-id and
   effective user-id to the given user.
Change-Id: I654117e994fd38411508dbe9b85d06c28dc0e411
Closes-Bug: #1312246
Fix failing tests.
Co-Authored-By: Sirushti Murugesan <sirushti.murugesan@hp.com>
Change-Id: If44ea49e5d6262f6e6b51dfdfb76754fb7c467d5
Change-Id: I55579328adc7003f78e78161aa6e047524a5c805
Related-Bug: 1403214
* ConfigParser import from six
* Drop iteritems()
  * To support both Python 2 and 3
* Encode string before writing it to file
  * To support both Python 2 and 3
* Use six.string_types
  * To support both Python 2 and 3
* Use key on Python 3
  * Because cmp is no longer working
* Add py33 and py34 to tox.ini
Change-Id: I23985be55302cd4ef577919efb51975ecbd9563d
Related-Bug: 1347899
* handle install/upgrade, version checks, and downgrades
* Allow users to specify packages to be installed with dnf
* Use dnf if yum isn't available, letting older cloud-configs work on
future Fedoras
Change-Id: Ib3ff49cfdd3e545aa199c944c110852700625496
heat-cfntools depends on wget and curl. It's redundant.
Since curl is widely used, replace the wget command with curl.
Change-Id: I691bdc046bd72a44c11f25e359c5036ae1a9e86b
Closes-Bug: 1359430
test_cfn_helper.py has a part of code which enforces the order of packages
or services processes. But the order is non-deterministic.
Change-Id: I37c4abe697fb3391793ce74fc730b127e920710a
Closes-Bug: #1360212
SUSE uses "zypper" for managing packages.
Change-Id: Iac8399e7a4e85e33cad1085f11a08fdb538a96e6
blueprint: heat-cfntools-zypper
On Ubuntu systems, we can't find the 'chkconfig' command; it uses
"update-rc.d" or "sysv-rc-conf" instead.
The _handle_sysv_command function will pick up the right command to
enable the service for Ubuntu, Fedora or Red Hat, and also map systemd
to _handle_sysv_command and remove _handle_systemd_command.
Change-Id: I5b7ceb7541e989f6b11fc1a5acf94275c1d2e75b
Closes-Bug: #1318481
mox3 is the Python 3.x compatible replacement
of mox.
Change-Id: If107d0ebde50d3461505c5f722d53557993f1e7e
cfn-init will now fail immediately if a command with the key
ignoreErrors='false' or without that key fails (eg it returns an exit
code other than 0). This is similar to what the AWS cfn-init script is
doing.
Change-Id: I41bfa36154fa8b16541a6abb489495739b772376
Closes-Bug: #1269476
Unless the parameter is provided, cfn-signal will use the instance UUID
from the Nova metadata as the id sent back to the WaitCondition.
In case the Nova metadata isn't available, it will use the hostname as a
fallback.
Change-Id: I1e5847c7babd7c6295d8c3e21f6cfa110a9b3026
Closes-bug: 1223429
And fix pep8 issues discovered by hacking update. Remove dependencies
on pep8, pyflakes and flake8. They should be determined by the hacking
dependency implicitly.
Change-Id: I3fefdabcfdc09c28756f5ab0f5a99d12de2d8a3a
Before, we would get this:
  yum install a
  yum install a b
  yum install a b c
Now we just get:
  yum install a b c
Change-Id: I2067922ab03de9488a0cd4e08c8d44c00296cd6a
Closes-bug: #1235796
Change-Id: I96e3bdc2566222fb4926e8a8f88a7f6b822e16f7
Partial-bug: #1235796
The -k argument can be a top-level key or a nested key, in which case
the keys are separated by dots (e.g. "foo.bar"). In case a key contains a
dot character, it needs to be surrounded by single quotes (e.g.
"foo.'bar.1'.fred").
If the -k option is not provided, the command prints out the full
metadata structure as before.
Change-Id: Ib05d39672086001b83e8d7f56bc42cc4ba75751c
Fixes: bug #1183299
Tags are not properly implemented in nova so we pass the tags
to nova as metadata. So we now [w]get the nova metadata.
Since this is called repeatedly we cache the metadata.
We also add the nova instance id (uuid) as a guest tag.
Change-Id: I599f22fd5166e88cb3d21a71ead5f48c5c5a9269
GitHub tarball and zipball support was removed in the change set to
pipe handling in sources. This changeset adds it back in and restructures it.
Change-Id: I107f42e9961cd8776161d1f6a2efe9d103aea125
Fixes: bug #1195622
For tgz (or tar.bz2) sources, use a pipe like `wget -O -
http://www.example.com/a.tar.gz | tar -xvf -` to save disk space
usage.
Change-Id: I59663aed098e8c96d8a41b2d84200f2a1e43a927
Fixes: bug #1192135
Python 3.x deprecated octal literals in the form
0755. Use 0o755 instead which works at least
with Python 2.6 and newer
Change-Id: I70dc33cb674499548732408924aa2ae728e17ea3
Add display() method to the Metadata class that prints the metadata to
standard output if the metadata has been successfully retrieved (either
from local cache or from the remote server).
Change-Id: Idf6c1aecf2a5204d7cf7fbf3c8d826f750a72785
Fixes: bug #1183298
Each test run was producing 5 abandoned temp files.
Change-Id: I1c682b8e5a8782b1123b4a1bdb06dddca534e84b
Change-Id: I6c364240d9e336fc4f38c2f4bc1fea2ae5e91511
When we don't have AWS::CloudFormation::Init in Metadata, this just
means that cfn-init cannot do anything. However, cfn-hup still has hooks
which are just scheduled to be run on any change in the Metadata.
Fixes bug #1155999
Change-Id: I21c4f2137f8045128a86278b4d90768ea97455d1
Change-Id: Ibf69f99171c2c8316a0ea0a377e2fb186d5837b7
In Python 2.6, SafeConfigParser defaults to "dict", which
does not preserve section order. The testsuite was expecting
insertion order to be preserved, which is the case with
Python 2.7. According to Clint Byrum the actual code does
not worry about section ordering, so I reworked the tests
to sort sections into a well-defined order and run tests
then, which makes it pass for all Python versions.
Change-Id: Ia4e14018ae70c465b0b56d406d29fbb3c2ea280c
Testsuite uses assertDictEqual and a few others
which do not exist for Python 2.6. Use testtools
for those instead, which works the same for
all Python versions.
Change-Id: I7c6cba7c032a721f2ade0055066b9ddfac6a35c9
/tmp is unsafe: if a user were to somehow be able to create the file
before it was cached there, they can issue commands to cfn-init that
would likely elevate their permissions.
Fixes bug #1164756
Change-Id: I54e1e1be178274cb0a2b50f54e859e004e1f1c78
Malicious users could predict these tempfile names and overwrite root
owned files using a symlink attack.
Also fixes a bug in order of operations which caused tar to fail if
the destination directory did not exist yet.
Fixes bug #1166323
Change-Id: Ib4040eed27aa7e1e4d2bf53df6cae8e2b6c95f50
Overrides last_path with a file that doesn't exist.
Change-Id: I173a85ab0ac0c4b80f26767130d8151dde87e1e5
Part of bug #1152434
Change-Id: I53c2b325c638c0a3f8756ebc20d0baeb86acd6e1
Adds test coverage for HupConfig
Fixes: Bug #1133050
Change-Id: Icb410b99b22401eadb1f58adf982517af0df48ed
The __str__ method now uses the properties to improve the test coverage
Part of bug #1152434
Change-Id: Id06843feb81187c84fd8eac290e3d2ac2382d450
Also fix the python to comply. This has to be done as a single
change otherwise we'll never bootstrap gating.
Change-Id: I4a21d57e0341802a1652428dee16c60abb30251d
Testing of each handler will come separately
This doesn't test remote retrieve yet.