WSGI server workers must drop_privledges

... just like they always have and server per port strategy still does.

Related-Change-Id: I3e5229d2fb04be67e53533ff65b0870038accbb7
Change-Id: I14e3ed201ceaceef0f8dbc44685395f350a0e7fc

swift/common/wsgi.py

@@ -695,6 +695,14 @@ class StrategyBase(object):
     Some operations common to all strategy classes.
     """
 
+    def post_fork_hook(self):
+        """
+        Called in each forked-off child process, prior to starting the actual
+        wsgi server, to perform any initialization such as drop privileges.
+        """
+
+        drop_privileges(self.conf.get('user', 'swift'))
+
     def shutdown_sockets(self):
         """
         Shutdown any listen sockets.
@@ -785,14 +793,6 @@ class WorkersStrategy(StrategyBase):
         while len(self.children) < self.worker_count:
             yield self.sock, None
 
-    def post_fork_hook(self):
-        """
-        Perform any initialization in a forked-off child process prior to
-        starting the wsgi server.
-        """
-
-        pass
-
     def log_sock_exit(self, sock, _unused):
         """
         Log a server's exit.
@@ -1071,14 +1071,6 @@ class ServersPerPortStrategy(StrategyBase):
                 # can close and forget them.
                 self.port_pid_state.forget_port(orphan_pair[0])
 
-    def post_fork_hook(self):
-        """
-        Called in each child process, prior to starting the actual wsgi server,
-        to drop privileges.
-        """
-
-        drop_privileges(self.conf.get('user', 'swift'))
-
     def log_sock_exit(self, sock, server_idx):
         """
         Log a server's exit.

test/unit/common/test_wsgi.py

@@ -1284,7 +1284,17 @@ class TestProxyProtocol(unittest.TestCase):
         self.assertEqual(proxy_obj.get_environ(), expected_env)
 
 
-class TestServersPerPortStrategy(unittest.TestCase):
+class CommonTestMixin(object):
+
+    def test_post_fork_hook(self):
+        self.strategy.post_fork_hook()
+
+        self.assertEqual([
+            mock.call('bob'),
+        ], self.mock_drop_privileges.mock_calls)
+
+
+class TestServersPerPortStrategy(unittest.TestCase, CommonTestMixin):
     def setUp(self):
         self.logger = FakeLogger()
         self.conf = {
@@ -1495,13 +1505,6 @@ class TestServersPerPortStrategy(unittest.TestCase):
         # This is one of the workers for port 6006 that already got reaped.
         self.assertIsNone(self.strategy.register_worker_exit(89))
 
-    def test_post_fork_hook(self):
-        self.strategy.post_fork_hook()
-
-        self.assertEqual([
-            mock.call('bob'),
-        ], self.mock_drop_privileges.mock_calls)
-
     def test_shutdown_sockets(self):
         self.strategy.do_bind_ports()
 
@@ -1520,7 +1523,7 @@ class TestServersPerPortStrategy(unittest.TestCase):
         ], self.s2.mock_calls)
 
 
-class TestWorkersStrategy(unittest.TestCase):
+class TestWorkersStrategy(unittest.TestCase, CommonTestMixin):
     def setUp(self):
         self.logger = FakeLogger()
         self.conf = {
@@ -1615,10 +1618,6 @@ class TestWorkersStrategy(unittest.TestCase):
             'Started child %s from parent %s' % (90, mypid),
         ], self.logger.get_lines_for_level('notice'))
 
-    def test_post_fork_hook(self):
-        # Just don't crash or do something stupid
-        self.assertIsNone(self.strategy.post_fork_hook())
-
     def test_shutdown_sockets(self):
         self.mock_get_socket.return_value = mock.MagicMock()
         self.strategy.do_bind_ports()