
launchpad-reviewers team mailing list archive

[Merge] lp:~jtv/maas/extend-dhcpd-apparmor-profile into lp:maas

 

Jeroen T. Vermeulen has proposed merging lp:~jtv/maas/extend-dhcpd-apparmor-profile into lp:maas with lp:~jtv/maas/write-custom-config-section as a prerequisite.

Requested reviews:
  MAAS Maintainers (maas-maintainers)

For more details, see:
https://code.launchpad.net/~jtv/maas/extend-dhcpd-apparmor-profile/+merge/123252

I've discussed this work with tons of people now to find the right approach, and the current direction with roaksoax in particular, but the idea for this particular part I sanity-checked with rvba.


Jeroen
-- 
https://code.launchpad.net/~jtv/maas/extend-dhcpd-apparmor-profile/+merge/123252
Your team MAAS Maintainers is requested to review the proposed merge of lp:~jtv/maas/extend-dhcpd-apparmor-profile into lp:maas.
=== modified file 'src/provisioningserver/__main__.py'
--- src/provisioningserver/__main__.py	2012-09-03 05:20:39 +0000
+++ src/provisioningserver/__main__.py	2012-09-07 11:01:22 +0000
@@ -12,6 +12,7 @@
 
 __metaclass__ = type
 
+import provisioningserver.dhcp.extend_dhcp_apparmor
 import provisioningserver.dhcp.writer
 import provisioningserver.pxe.install_bootloader
 import provisioningserver.pxe.install_image
@@ -23,6 +24,9 @@
 
 main = MainScript(__doc__)
 main.register(
+    "extend-dhcp-apparmor",
+    provisioningserver.dhcp.extend_dhcp_apparmor)
+main.register(
     "install-pxe-bootloader",
     provisioningserver.pxe.install_bootloader)
 main.register(

=== added file 'src/provisioningserver/dhcp/extend_dhcp_apparmor.py'
--- src/provisioningserver/dhcp/extend_dhcp_apparmor.py	1970-01-01 00:00:00 +0000
+++ src/provisioningserver/dhcp/extend_dhcp_apparmor.py	2012-09-07 11:01:22 +0000
@@ -0,0 +1,67 @@
+# Copyright 2012 Canonical Ltd.  This software is licensed under the
+# GNU Affero General Public License version 3 (see the file LICENSE).
+
+"""Generate local isc-dhcp-server's AppArmor profile for custom dhcpd.
+
+When maas-dhcp is installed, MAAS will run its own DHCP server.  This is
+an instance of the ISC server, but it runs with custom configuration,
+leases files, and pidfiles.
+
+This command extends the server's local AppArmor profile additions in
+`/etc/apparmor.d/local/usr.sbin.dhcpd` to allow the server to access those
+files.  Write the output back into that file (they will include the
+existing contents unchanged) in order to allow MAAS to run its own dhcpd.
+"""
+
+from __future__ import (
+    absolute_import,
+    print_function,
+    unicode_literals,
+    )
+
+__metaclass__ = type
+__all__ = [
+    'add_arguments',
+    'run',
+    ]
+
+import sys
+from textwrap import dedent
+
+from celeryconfig import (
+    DHCP_CONFIG_FILE,
+    DHCP_LEASES_FILE,
+    )
+from provisioningserver.utils import write_custom_config_section
+
+
+apparmor_config = '/etc/apparmor.d/local/usr.sbin.dhcpd'
+
+
+custom_section_template = dedent("""\
+    %(config)s r,
+    %(leases)s rw,
+    """)
+
+
+def add_arguments(parser):
+    """For execution by :class:`MainScript`."""
+    parser.add_argument(
+        '--encoding', dest='encoding', default='utf-8',
+        help="Encoding to use in reading and writing the config file.")
+
+
+def run(args):
+    """Generate local isc-dhcp-server's AppArmor profile for custom dhcpd.
+
+    Prints new contents for /etc/apparmor.d/local/usr.sbin.dhcpd to stdout;
+    write them into that file to make the changes take effect.
+    """
+    custom_section = custom_section_template % {
+        'config': DHCP_CONFIG_FILE,
+        'leases': DHCP_LEASES_FILE,
+    }
+    with open(apparmor_config, 'rb') as config:
+        original_text = config.read().decode(args.encoding)
+    new_text = write_custom_config_section(original_text, custom_section)
+    sys.stdout.write(new_text.encode(args.encoding))
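Review bot: `custom_section_template` interpolates `DHCP_CONFIG_FILE` and `DHCP_LEASES_FILE` unchecked into AppArmor rules, so a configured path containing whitespace or AppArmor glob characters would either break the profile or give dhcpd access to more files than the two intended. Because this text becomes part of a confinement policy, `run()` should refuse such paths before formatting, for example `if any(c in path for c in ' \t*?[]{}"'): raise ValueError(path)` applied to both values. Separately, the module docstring says the custom dhcpd has its own pidfiles, but the template has no pidfile rule. An exact-path `rw` rule may also not cover sibling files that dhcpd seems to create when it rewrites its leases, so this is worth confirming against the stock profile with the policy in enforce mode.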

=== added file 'src/provisioningserver/tests/test_extend_dhcp_apparmor.py'
--- src/provisioningserver/tests/test_extend_dhcp_apparmor.py	1970-01-01 00:00:00 +0000
+++ src/provisioningserver/tests/test_extend_dhcp_apparmor.py	2012-09-07 11:01:22 +0000
@@ -0,0 +1,58 @@
+# Copyright 2012 Canonical Ltd.  This software is licensed under the
+# GNU Affero General Public License version 3 (see the file LICENSE).
+
+"""Tests for the extend_dhcp_apparmor command."""
+
+from __future__ import (
+    absolute_import,
+    print_function,
+    unicode_literals,
+    )
+
+__metaclass__ = type
+__all__ = []
+
+from io import BytesIO
+import sys
+
+from celeryconfig import (
+    DHCP_CONFIG_FILE,
+    DHCP_LEASES_FILE,
+    )
+from maastesting.factory import factory
+from maastesting.matchers import ContainsAll
+from maastesting.testcase import TestCase
+from provisioningserver.dhcp import extend_dhcp_apparmor
+from provisioningserver.utils import (
+    maas_custom_config_markers,
+    MainScript,
+    )
+
+
+class TestExtendDHCPAppArmor(TestCase):
+
+    def make_config(self, contents=None):
+        """Fake up a config file, and substitute it for the real one."""
+        config_file = self.make_file(contents=contents)
+        self.patch(extend_dhcp_apparmor, 'apparmor_config', config_file)
+        return config_file
+
+    def test_integration(self):
+        stdout = BytesIO()
+        self.patch(sys, 'stdout', stdout)
+        header, footer = maas_custom_config_markers
+        self.make_config("Existing config.")
+        action = factory.make_name('action')
+        script = MainScript(action)
+        script.register(action, extend_dhcp_apparmor)
+        script.execute((action, ))
+        stdout.seek(0)
+        self.assertThat(
+            stdout.read().decode('utf-8'),
+            ContainsAll([
+                "Existing config.",
+                header,
+                footer,
+                "%s r," % DHCP_CONFIG_FILE,
+                "%s rw," % DHCP_LEASES_FILE,
+                ]))
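Review bot: `test_integration` only asserts that each expected string appears somewhere in the output, so it would still pass if the two rules landed outside the MAAS markers or were duplicated. The operator is told to write the output back into the profile, which makes a rerun over already-extended contents the normal case. A second test should call `make_config` with the first run's output and assert that the second run reproduces it unchanged, with exactly one `header` and one `footer`. That behaviour depends on `write_custom_config_section` from the prerequisite branch, which is not visible here, so this test would also pin the assumption this command relies on.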