Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: Ib6e4e7f89a9990cfb42afa209878812340109ecf
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
We are stuck on a very old version of hacking (0.8). In order to move
forward, we need to fix a bunch of things that flake8 will complain about.
Change-Id: If40ac29094b90c5bae63e7423061a190655f50a3
LOG.warn is deprecated. It still used in a few places.
Updated to non-deprecated LOG.warning.
Change-Id: I6e8df0e072448fbd4077c4e5d98b2986e9855489
Closes-Bug:#1508442
Replace assertEqual(None, *) with assertIsNone in tests to have
more clear messages in case of failure.
Change-Id: Ic2dca04e7cdd4f837c42b39dd1ce37604c8f101b
Closes-bug: #1280522
Commands from AWS::CloudFormation::Init, when supplied as list, should
be run with shell=False. Only when commands are given as string, they
are meant to be run on shell.
In principle, we are trying to give least access to the shell to avoid
any inadvertent shell injections.
Change-Id: I3dc6fe0c29a14f75be044846f737e1ade23a6d6b
Closes-Bug: 1498300
Make all internal commands as list to avoid any possibility of command
line injection. Commands supplied as string are susceptible to
substitution.
All the internal commands are supplied as list to CommandRunner. As a
convention, all the commands must be given as list to subprocess except
the commands read from file, like in case of cfn hooks and commands
section in metadata.
Few internal commands require shell redirects and they will be
implemented in another patch.
Change-Id: Ifabaf44e341144bc85508dc05c76b1d83e41ae44
Partial-Bug: #1312246
Control the privileges by setting the effective UID before running the
command. Earlier we used to run command using su -c "USER".
Original EUID is restored after running the command. This is required to
run multiple commands in succession with different run-as users.
Change-Id: I414fc6a802f11deb320b43c6d011f802a42c40c9
Partial-Bug: #1312246
This reverts commit e424af2236.
Splitting command strings that were previously assumed to be interpreted
by the shell at whitespace and then passing them as separate args to
execvp will not work.
Change-Id: I7c37b5852ce9b20e63bdbbaddfb852463548aa90
The CommandRunner used to run commands using su command and passing the
actual command to be run as argument to it.
su USER -c <cmd>
This is susceptible to command line injection as noted in the bug.
The fix required to do two things:
1. Pass the command to be run as list instead of a string. This is to
ensure that the actual arguments are passed as arguments to the program
ought to be executed. And by doing so, avoids running any commands
passed in the argument. On the contrary, if the command were passed as a
string to the shell, the arguments could be formed in a way to execute
malicious commands.
2. The CommandRunner runs the command directly and uses setuid to lower
the privileges if needed. If the 'runas' user is other than root, then
its UID is obtained and setuid is invoked to set the real user-id and
effective user-id to the given user.
Change-Id: I654117e994fd38411508dbe9b85d06c28dc0e411
Closes-Bug: #1312246
* ConfigParser import from six
* Drop iteritems()
* To support both Python 2 and 3
* Encode string before writing it to file
* To support both Python 2 and 3
* Use six.string_types
* To support both Python 2 and 3
* Use key on Python 3
* Because cmp is no longer working
* Add py33 and py34 to tox.ini
Change-Id: I23985be55302cd4ef577919efb51975ecbd9563d
Related-Bug: 1347899
* handle install/upgrade, version checks, and downgrades
* Allow users to specify packages to be installed with dnf
* Use dnf if yum isn't available, letting older cloud-configs work on
future Fedoras
Change-Id: Ib3ff49cfdd3e545aa199c944c110852700625496
heat-cfntools depends on wget and curl. It's redundant.
Since the curl is widely used, replace wget command to curl.
Change-Id: I691bdc046bd72a44c11f25e359c5036ae1a9e86b
Closes-Bug: 1359430
test_cfn_helper.py has a part of code which enforces the order of packages
or services processes. But the order is non-deterministic.
Change-Id: I37c4abe697fb3391793ce74fc730b127e920710a
Closes-Bug: #1360212
Add res_last_path='/var/cache/heat-cfntools/last_metadata_<resource>'
in Metadata.retrieve() function to store metadata of a resource.
Remove md5 check between current metadata and last metadata, json.load()
will organize json structure.
Change-Id: Ie0c31a748f0add3fcab6a579431a28b60051f601
Closes-Bug: #1205375
Partial-Bug: #1133049
In ubuntu system, we can't find 'chkconfig' command, it use
"update-rc.d" or "sysv-rc-conf" for instead.
_handle_sysv_command function will pick up the right command to
enable service for ubuntu or fedora or redhat, and also map systemd
to _handle_sysv_command and remove _handle_systemd_command.
Change-Id: I5b7ceb7541e989f6b11fc1a5acf94275c1d2e75b
Closes-Bug: #1318481
cfn-init will now fail immediately if a command with the key
ignoreErrors='false' or without that key fails (eg it returns an exit
code other than 0). This is similar to what the AWS cfn-init script is
doing.
Change-Id: I41bfa36154fa8b16541a6abb489495739b772376
Closes-Bug: #1269476
Unless the parameter is provided, cfn-signal will use the instance UUID
from the Nova metadata as the id sent back to the WaitCondition.
In case the Nova metadata isn't available, it will use the hostname as a
fallback.
Change-Id: I1e5847c7babd7c6295d8c3e21f6cfa110a9b3026
Closes-bug: 1223429
And fix pep8 issues discovered by hacking update. Remove dependencies
on pep8, pyflakes and flake8. They should be determined by the hacking
dependency implicitely.
Change-Id: I3fefdabcfdc09c28756f5ab0f5a99d12de2d8a3a
before we would get this:
yum install a
yum install a b
yum install a b c
Now we just get
yum install a b c
Change-Id: I2067922ab03de9488a0cd4e08c8d44c00296cd6a
Closes-bug: #1235796
Use on-demand yum metadata caching to avoid downloading
50MB (Fedora 19) of extra metadata that is not necessary
for correct cfn-init operation.
Reduces time to orchestration by about 23% and cpu
utilization by about 50%.
Full detailed analsys in the launchpad bug.
Change-Id: Id51d6d506d6051b5e83f550ef318f86d84f3c7a7
Closes-Bug: 1235824
The -k argument can be a top-level key or a nested key in which case
the keys are separated by dots (eg "foo.bar"). In case a key contains a
dot character, it needs to be surrounded by single quotes (eg
"foo.'bar.1'.fred).
If the -k option is not provided, the command prints out the full
metadata structure as before.
Change-Id: Ib05d39672086001b83e8d7f56bc42cc4ba75751c
Fixes: bug #1183299
Description of command in CFN User Guide:
Either an array or a string specifying the command to run. If you use
an array, you do not need to escape space characters or enclose
command parameters in quotes.
So we escape double quote first, and enclose each array value in
double quote.
Fixes bug #1211605
Change-Id: I28ecdb0d4b8a12690dddeac4e2398264c6d6f212
Tags are not properly implemented in nova so we pass the tags
to nova as metadata. So we now [w]get the nova metadata.
Since this is called repeatedly we cache the metadata.
We also add the nova instance id (uuid) as a guest tag.
Change-Id: I599f22fd5166e88cb3d21a71ead5f48c5c5a9269
Github tarball and zipball support was removed in the change set to
pipe handing in sources. The changeset add it in and restructured.
Change-Id: I107f42e9961cd8776161d1f6a2efe9d103aea125
Fixes: bug #1195622
For tgz(or tar.bz2) sources, use pipe like `wget -O -
http://www.example.com/a.tar.gz | tar -xvf -` to save disk space
usage.
Change-Id: I59663aed098e8c96d8a41b2d84200f2a1e43a927
Fixes: bug #1192135
Register a hook to delete the temporary directory created by sources
handler at program cfn-init exit.
Change-Id: I821195cf510d35f94b1e7656dacc0dfe308ceeb1
Fixes: bug #1191674
Python 3.x deprecated octal literals in the form
0755. Use 0o755 instead which works at least
with Python 2.6 and newer
Change-Id: I70dc33cb674499548732408924aa2ae728e17ea3
Add display() method to the Metadata class that prints the metadata to
standard output if the metdata has been successfully retrieved (either
from local cache or from the remote server).
Change-Id: Idf6c1aecf2a5204d7cf7fbf3c8d826f750a72785
Fixes: bug #1183298