Commit graph

10 commits

Author SHA1 Message Date
Luong Anh Tuan
ff8ae43265 Replace yaml.load() with yaml.safe_load()
Avoid dangerous file parsing and object serialization libraries.
yaml.load is the obvious function to use but it is dangerous[1]
Because yaml.load return Python object may be dangerous if you
receive a YAML document from an untrusted source such as the
Internet. The function yaml.safe_load limits this ability to
simple Python objects like integers or lists.

In addition, Bandit flags yaml.load() as security risk so replace
all occurrences with yaml.safe_load(). Thus I replace yaml.load()
with yaml.safe_load()

[1]https://security.openstack.org/guidelines/dg_avoid-dangerous-input-parsing-libraries.html

Change-Id: I84640973fd9f45a69d2b21f6d594cd5bf10660a6
Closes-Bug: #1634265
2017-01-16 15:07:05 +07:00
Luong Anh Tuan
29d50bc69b Replace six.iteritems() with .items()
We should avoid using six.iteritems/keys achieve iterators. We can use
dict.items/keys instead, as it will return iterators in PY3 as well.
And dict.items/keys will more readable.

In py2, the performance about list should be negligible, see
https://wiki.openstack.org/wiki/Python3 and
http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html

Change-Id: I6353f0a1b423c6dbd0c71343f7919fd0de440e34
2016-11-23 12:03:05 +00:00
Gregory Haynes
89dd01e4a0 Run svc-map tests
We currently do not run these tests and they also fail.

Change-Id: I60c8cbd9495b52fb8b4c848549822a05f921664f
2015-03-29 04:11:41 +00:00
Jenkins
e0e0159ef7 Merge "CentOS 6 Element" 2015-03-19 19:42:40 +00:00
Abel Lopez
8026dda8a0 CentOS 6 Element
This is the centos element, which builds CentOS 6.

There are a couple of modifications to redhat-common because
the version of tar in el6 doesn't support --xattrs-include.

There is a change to both pkg-map and svc-map to add 'centos'
to the 'redhat' family.

Also explicitly have to install cloud-utils growroot and
dracut growpart for proper fsresize at instance launch.

Also sets the DIB_EXTLINUX variable because there is no grub2
for this distro.

Change-Id: Iffd57bce1484c43c2cffcbdb37b602185216e63a
2015-03-03 23:09:45 -08:00
Jan Grant
e88be20f1d Fix race in svc-map
The construction of the combined svc-map-services file uses the host's
/tmp directory to store a work-in-progress file. That file's left behind
after it's done with.

There's a potential race here; together with problems that may arise
if two users attempt to run devtest on the same system.

This patch fixes this by creating the temporary file specifically under
$TMP_MOUNT_PATH.

Change-Id: Iecbdc583e37bed542249c316919c3712c28c7440
2015-03-03 15:29:52 -08:00
Gregory Haynes
fd0708286c Check python with flake8 instead of dib-lint
We check python files with dib-lint rather than flake8 which have
conflicting opinions. This means weve been (forcibly) writing non pep8
python.

Also fixing pep8 issues so tests pass.

Change-Id: Idc9db40334f6e15738a7802c06697270df68741c
2014-11-21 09:04:52 -08:00
Michael Kerrin
730e7bd76e Handle extra spaces in merge-svc-map-files
During internal testing we are getting the following error from
merge-svc-map-files
File "/tmp/image.K2MYCphY/hooks/extra-data.d/10-merge-svc-map-files", line 54, in main
    with open(data_path, 'r') as dataFile:
IOError: [Errno 21] Is a directory: '...diskimage-builder/elements/svc-map'

Somehow IMAGE_ELEMENT contains a extra white space that manifests itself
as an element without a name. It is very hard to find where this is coming from so
instead this patch makes merge-svc-map-files more robost to this situation

Change-Id: Id1500ead8a77d691408617dcdc4e095bc5775be8
2014-10-20 18:16:39 +01:00
Ryan Brady
c8037cc73f Fix $DISTRO_NAME usage for centos7 element
In both of the changed files in this patch, the $DISTRO_NAME usage
is checking against "centos".  The valid value for the centos7
element for $DISTRO_NAME is "centos7"[1].

[1] http://git.io/8IvuTw

Change-Id: I0c4a4b2ecf87c7a9283d10071f6feb494a6c716a
2014-10-01 21:42:47 -04:00
Ryan Brady
e1853a7d5b Add svc-map element.
Adds a new svc-map element which can be used to install
services based on an in element 'svc-map' YAML config
file format.

This change is intended to decouple elements from DIB
and allow new elements to support multiple distributions
(with various service naming schemes) without having to
constantly maintain DIB's various bin/map-services files.

This patch ensures all of the YAML files are compiled into
a single file without namespaces.  The YAML compilation
process occurs during image creation time and errors if
conflicting mappings are found.

Change-Id: Id11433ea342aace71a358936a7ca3151ec11d506
2014-09-26 12:00:38 -04:00