Merge "Move interface disabling to privsep."

2019-02-05 13:23:14 +00:00 · 2019-02-05 13:23:14 +00:00 · 608f743259
parent 7d73b37f5c d0797c21d5
commit 608f743259
3 changed files with 11 additions and 8 deletions
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@ -1248,7 +1248,7 @@ def delete_bridge_dev(dev):
    """Delete a network bridge."""
    if nova.privsep.linux_net.device_exists(dev):
        try:
-            utils.execute('ip', 'link', 'set', dev, 'down', run_as_root=True)
+            nova.privsep.linux_net.set_device_disabled(dev)
            nova.privsep.linux_net.delete_bridge(dev)
        except processutils.ProcessExecutionError:
            with excutils.save_and_reraise_exception():
--- a/nova/privsep/linux_net.py
+++ b/nova/privsep/linux_net.py
@ -91,6 +91,11 @@ def set_device_enabled(dev):
                         check_exit_code=[0, 2, 254])


+@nova.privsep.sys_admin_pctxt.entrypoint
+def set_device_disabled(dev):
+    processutils.execute('ip', 'link', 'set', dev, 'down')
+
+
@nova.privsep.sys_admin_pctxt.entrypoint
 def set_device_macaddr(dev, mac_addr, port_state=None):
    if port_state:
--- a/nova/tests/unit/network/test_linux_net.py
+++ b/nova/tests/unit/network/test_linux_net.py
@ -1270,17 +1270,15 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
            self.assertEqual(2, len(executes))

    @mock.patch('os.path.exists', return_value=True)
-    @mock.patch('nova.utils.execute')
+    @mock.patch('nova.privsep.linux_net.set_device_disabled')
    @mock.patch('nova.privsep.linux_net.delete_bridge')
-    def test_remove_bridge(self, mock_delete, mock_execute, mock_exists):
+    def test_remove_bridge(self, mock_delete, mock_disabled, mock_exists):
        linux_net.LinuxBridgeInterfaceDriver.remove_bridge('fake-bridge')

        self.assertIn(mock.call('/sys/class/net/fake-bridge'),
                      mock_exists.mock_calls)
-        self.assertEqual([mock.call('ip', 'link', 'set', 'fake-bridge',
-                                   'down', run_as_root=True)],
-                         mock_execute.mock_calls)
-        self.assertEqual([mock.call('fake-bridge')], mock_delete.mock_calls)
+        mock_disabled.assert_called_once_with('fake-bridge')
+        mock_delete.assert_called_once_with('fake-bridge')

    @mock.patch.object(linux_net, '_execute')
    @mock.patch('nova.privsep.linux_net.device_exists', return_value=False)
@ -1317,7 +1315,7 @@ class LinuxNetworkTestCase(test.NoDBTestCase):
        mock_set_device_mtu.assert_called_once_with('vlan1', None)

    @mock.patch('os.path.exists', return_value=True)
-    @mock.patch('nova.utils.execute',
+    @mock.patch('nova.privsep.linux_net.set_device_disabled',
                side_effect=processutils.ProcessExecutionError())
    def test_remove_bridge_negative(self, mock_execute, mock_exists):
        self.assertRaises(processutils.ProcessExecutionError,