From 6333c7e9b72b61e6fee633a639c3d5a8816357b2 Mon Sep 17 00:00:00 2001
From: Paul Marshall
Date: Fri, 6 Jul 2012 16:57:41 -0500
Subject: [PATCH] added an ignore users option, e.g. prevents such users from being deleted, also only get is root enabled info by checking the db
---
 etc/reddwarf/reddwarf.conf.sample | 3 +++
 etc/reddwarf/reddwarf.conf.test | 3 +++
 reddwarf/extensions/mysql/models.py | 14 ++++++++++++--
 reddwarf/guestagent/db/models.py | 17 +++++++++++++++--
 4 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/etc/reddwarf/reddwarf.conf.sample b/etc/reddwarf/reddwarf.conf.sample
index f2412dd87a..23cae9ce8f 100644
--- a/etc/reddwarf/reddwarf.conf.sample
+++ b/etc/reddwarf/reddwarf.conf.sample
@@ -62,6 +62,9 @@ taskmanager_queue = taskmanager
 # Auth
 admin_roles = [admin]
+# Users to ignore for user create/list/delete operations
+ignore_users = [os_admin]
+
 # Guest related conf
 agent_heartbeat_time = 10
 agent_call_low_timeout = 5
diff --git a/etc/reddwarf/reddwarf.conf.test b/etc/reddwarf/reddwarf.conf.test
index ee3630568a..965a90a4f9 100644
--- a/etc/reddwarf/reddwarf.conf.test
+++ b/etc/reddwarf/reddwarf.conf.test
@@ -68,6 +68,9 @@ volume_time_out=30
 # Auth
 admin_roles = [admin]
+# Users to ignore for user create/list/delete operations
+ignore_users = [os_admin]
+
 # Guest related conf
 agent_heartbeat_time = 10
 agent_call_low_timeout = 5
diff --git a/reddwarf/extensions/mysql/models.py b/reddwarf/extensions/mysql/models.py
index b976d6f83a..af122e6b3a 100644
--- a/reddwarf/extensions/mysql/models.py
+++ b/reddwarf/extensions/mysql/models.py
@@ -84,13 +84,23 @@ class Root(object):
 @classmethod
 def load(cls, context, instance_id):
 load_and_verify(context, instance_id)
- return create_guest_client(context, instance_id).is_root_enabled()
+ # TODO(pdmars): remove the is_root_enabled call from the guest agent,
+ # just check the database for this information.
+ # If the root history returns null or raises an exception, the root
+ # user hasn't been enabled.
+ try:
+ root_history = RootHistory.load(context, instance_id)
+ except exception.NotFound:
+ return False
+ if not root_history:
+ return False
+ return True
 @classmethod
 def create(cls, context, instance_id, user):
 load_and_verify(context, instance_id)
 root = create_guest_client(context, instance_id).enable_root()
- root_user = guest_models.MySQLUser()
+ root_user = guest_models.RootUser()
 root_user.deserialize(root)
 root_history = RootHistory.create(context, instance_id, user)
 return root_user
diff --git a/reddwarf/guestagent/db/models.py b/reddwarf/guestagent/db/models.py
index 3b1a6e5dc3..06e0566d00 100644
--- a/reddwarf/guestagent/db/models.py
+++ b/reddwarf/guestagent/db/models.py
@@ -18,6 +18,8 @@
 import re
 import string
+from reddwarf.common import config
+
 class Base(object):
 def serialize(self):
@@ -334,6 +336,7 @@ class MySQLUser(Base):
 """Represents a MySQL User and its associated properties"""
 not_supported_chars = re.compile("^\s|\s$|'|\"|;|`|,|/|\\\\")
+ _ignore_users = config.Config.get("ignore_users", [])
 def __init__(self):
 self._name = None
@@ -341,8 +344,12 @@ class MySQLUser(Base):
 self._databases = []
 def _check_valid(self, value):
- if not value or self.not_supported_chars.search(value) or \
- string.find("%r" % value, "\\") != -1:
+ # User names are not valid if they contain unsupported characters, or
+ # are in the ignore_users list.
+ if (not value or
+ self.not_supported_chars.search(value) or
+ string.find("%r" % value, "\\") != -1 or
+ value.lower() in self._ignore_users):
 return False
 else:
 return True
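Review bot: `Root.load` now derives root status only from `RootHistory`, yet in `create` further down this hunk `enable_root()` runs on the guest before `RootHistory.create(...)`, so a failure while writing the history row would leave root enabled on the instance while `load` reports False. Since this value is what operators rely on to know whether root access was ever handed out, that failure path should be handled explicitly (logged and surfaced) rather than left to diverge silently. The TODO also reads as if this method still calls the guest; I would replace it with `# Root status comes from RootHistory; a missing or empty record means root was never enabled through the API.` and collapse the tail to `return bool(root_history)`. Whether `RootHistory.load` raises `NotFound` or returns None is not visible here, so keep the try/except.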
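Review bot: `_ignore_users = config.Config.get("ignore_users", [])` is evaluated once, when the class body runs at import time, so if this module is imported before the configuration is loaded the list silently falls back to `[]` and the protection is off. It is also not visible here whether `Config.get` returns a parsed list or the raw string `[os_admin]` from the conf file; with a raw string the `in` test in `_check_valid` becomes a substring match and would reject names such as `admin` or `os`. Reading and normalising the value at check time, for example in a small helper that returns a set of names, would avoid both problems. The attribute also deserves a one-line comment saying that these accounts are hidden from user create/list/delete.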
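Review bot: The new clause `value.lower() in self._ignore_users` lowercases the candidate but not the configured entries, so an entry written with any capital letter in the conf file would never match and that account would remain manageable through the API. Lowercase the configured names once where the list is built so both sides compare alike. The check also returns the same `False` for a reserved name as for illegal characters, so callers cannot tell the two apart; how the setters report the failure is outside this hunk.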
@@ -381,3 +388,9 @@ class MySQLUser(Base):
 mydb = MySQLDatabase()
 mydb.name = value
 self._databases.append(mydb.serialize())
+
+
+class RootUser(MySQLUser):
+ """Overrides _ignore_users from the MySQLUser class."""
+
+ _ignore_users = []
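Review bot: The `RootUser` docstring says what is overridden but not why, and with `_ignore_users = []` any name deserialised through this class skips the reserved-name check entirely. Presumably the intent is to let the guest's `enable_root()` response be deserialised even when that account is listed in `ignore_users`; I would say so, e.g. `"""MySQL root account as returned by enable_root; exempt from ignore_users."""`. The docstring should also state that the class must not be used for user-supplied names, since that would bypass the list.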