Merge "apparmor: manage lbaasv2 profile >= newton"

2017-09-28 08:13:32 +00:00 · 2017-09-28 08:13:32 +00:00 · bf0b2446a2
parent 2d2df3c285 d7ccd2bfba
commit bf0b2446a2
3 changed files with 26 additions and 1 deletions
--- a/hooks/neutron_utils.py
+++ b/hooks/neutron_utils.py
@ -1542,5 +1542,10 @@ def _pause_resume_helper(f, configs):

 def configure_apparmor():
    '''Configure all apparmor profiles for the local unit'''
-    for profile in APPARMOR_PROFILES:
+    profiles = deepcopy(APPARMOR_PROFILES)
+    cmp_os_source = CompareOpenStackReleases(os_release('neutron-common'))
+    if cmp_os_source >= 'newton':
+        profiles.remove(NEUTRON_LBAAS_AA_PROFILE)
+        profiles.append(NEUTRON_LBAASV2_AA_PROFILE)
+    for profile in profiles:
        context.AppArmorContext(profile).setup_aa_profile()
--- a/unit_tests/test_neutron_hooks.py
+++ b/unit_tests/test_neutron_hooks.py
@ -58,6 +58,7 @@ TO_PATCH = [
    'service_restart',
    'is_unit_paused_set',
    'install_systemd_override',
+    'configure_apparmor',
 ]


@ -164,6 +165,7 @@ class TestQuantumHooks(CharmTestCase):
        self.assertTrue(_amqp_nova_joined.called)
        self.assertTrue(_zmq_joined.called)
        self.assertTrue(self.create_sysctl.called)
+        self.configure_apparmor.assert_called_with()

    @patch.object(hooks, 'git_install_requested')
    def test_config_changed_upgrade(self, git_requested):
--- a/unit_tests/test_neutron_utils.py
+++ b/unit_tests/test_neutron_utils.py
@ -1537,3 +1537,21 @@ class TestNeutronAgentReallocation(CharmTestCase):
        _subprocess.check_call.assert_called_with(
            ['systemctl', 'daemon-reload']
        )
+
+    @patch.object(neutron_utils, 'context')
+    def test_configure_apparmor_mitaka(self, context):
+        self.os_release.return_value = 'mitaka'
+        context.AppArmorContext = MagicMock()
+        neutron_utils.configure_apparmor()
+        context.AppArmorContext.assert_any_call(
+            neutron_utils.NEUTRON_LBAAS_AA_PROFILE
+        )
+
+    @patch.object(neutron_utils, 'context')
+    def test_configure_apparmor_newton(self, context):
+        self.os_release.return_value = 'newton'
+        context.AppArmorContext = MagicMock()
+        neutron_utils.configure_apparmor()
+        context.AppArmorContext.assert_any_call(
+            neutron_utils.NEUTRON_LBAASV2_AA_PROFILE
+        )