deb-neutron-fwaas/neutron_fwaas/privileged/__init__.py
Cedric Brandily b97825874b Enable to run rootwrap/privsep related functional tests
This change defines tools/deploy_rootwrap.sh. It builds neutron-rootwrap
config from neutron, neutron-fwaas and functests[1] filters. It's an
enabler to run functional tests which require rootwrap/privsep
features.

An alternative was to build neutron-rootwrap config from neutron-fwaas
and functests filters[1] only. But it implies to add many filters from
neutron in functests filters in order to run FWaaS functional tests on
the long term.

Most of the logic in gate_hook.sh[2] has been removed because it's
now done by neutron tools/configure_for_func_testing.sh through
configure_for_fwaas_func_testing.sh[3].

post_test_hook.sh changes now neutron permissions in order to allow
stack user to run pip install neutron in /opt/stack/new/neutron.

This change defines the modules [5][6] to validate that we can run
privileged privsep process in functional tests. These modules will be
removed when "real" functional tests are added.

[1] neutron_fwaas/tests/contrib/functional-testing.filters
[2] neutron_fwaas/tests/contrib/gate_hook.sh
[3] tools/configure_for_fwaas_func_testing.sh
[4] neutron_fwaas/tests/contrib/post_test_hook.sh
[5] neutron_fwaas.privileged.tests.functional.dummy
[6] neutron_fwaas.tests.functional.privileged.test_dummy

Change-Id: Ie077092c03efca3856c27c581bba5c5b84db3a2a
2017-02-28 10:18:03 +07:00

30 lines
1.2 KiB
Python

# Copyright (c) 2017 Thales Services SAS
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from oslo_privsep import capabilities as c
from oslo_privsep import priv_context

# It is expected that most (if not all) neutron-fwaas operations can be
# executed with these privileges.
default = priv_context.PrivContext(
    __name__,
    cfg_section='privsep',
    pypath=__name__ + '.default',
    # TODO(gus): CAP_SYS_ADMIN is required (only?) for manipulating
    # network namespaces. SYS_ADMIN is a lot of scary powers, so
    # consider breaking this out into a separate minimal context.
    capabilities=[c.CAP_SYS_ADMIN, c.CAP_NET_ADMIN],
)
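
The following is an added example, not part of neutron-fwaas or oslo.privsep: a standard-library check that decodes the capability masks in a process's `/proc/<pid>/status` and compares them with the two capabilities this context declares. The helper names (`decode_mask`, `parse_cap_sets`, `audit`) and both sample status texts are constructed for illustration; pointing it at the running privsep daemon's PID is an assumption about how you would use it.

```python
import re

# Bit numbers from linux/capability.h; only a subset is named here.
CAP_NAMES = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
             12: "CAP_NET_ADMIN", 13: "CAP_NET_RAW", 16: "CAP_SYS_MODULE",
             19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}

# The capability set declared by the PrivContext in this file.
EXPECTED = {"CAP_SYS_ADMIN", "CAP_NET_ADMIN"}

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$", re.M)


def decode_mask(mask):
    """Turn a capability bitmask into a set of names (CAP_<n> if unnamed)."""
    return {CAP_NAMES.get(bit, "CAP_%d" % bit)
            for bit in range(mask.bit_length()) if mask >> bit & 1}


def parse_cap_sets(status_text):
    """Map each Cap* field of a /proc/<pid>/status text to decoded names."""
    return {m.group(1): decode_mask(int(m.group(2), 16))
            for m in CAP_LINE.finditer(status_text)}


def audit(status_text, expected=EXPECTED):
    """Report capabilities held beyond `expected`, and expected ones absent."""
    sets = parse_cap_sets(status_text)
    if "CapPrm" not in sets or "CapEff" not in sets:
        raise ValueError("status text has no CapPrm/CapEff lines")
    held = sets["CapPrm"] | sets["CapEff"]  # the bounding set is not checked
    return {"extra": sorted(held - expected),
            "missing": sorted(expected - sets["CapEff"])}


# Constructed samples: 0x201000 is bits 12 and 21; 0x203002 adds bits 1 and 13.
SAMPLE_OK = ("Name:\tprivsep-helper\nCapInh:\t0000000000000000\n"
             "CapPrm:\t0000000000201000\nCapEff:\t0000000000201000\n"
             "CapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n")
SAMPLE_WIDE = SAMPLE_OK.replace("0000000000201000", "0000000000203002")

if __name__ == "__main__":
    print("expected set:", audit(SAMPLE_OK))
    print("wider set:   ", audit(SAMPLE_WIDE))
```
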