[Fuego] [PATCH 3/8] Remove requirement of running the test script as sudo

Tim.Bird at sony.com Tim.Bird at sony.com
Fri May 4 20:36:58 UTC 2018


I ran the test on my machine without issues, and without any
apparent prompt for a password.  Under what conditions
is a password prompt required?  I'm not sure I'm following the code.

 -- Tim

> -----Original Message-----
> From: fuego-bounces at lists.linuxfoundation.org [mailto:fuego-
> bounces at lists.linuxfoundation.org] On Behalf Of Guilherme Campos
> Camargo
> Sent: Wednesday, May 02, 2018 7:21 AM
> To: fuego at lists.linuxfoundation.org
> Subject: [Fuego] [PATCH 3/8] Remove requirement of running the test script
> as sudo
> 
> By requiring the user to run the `test_run.sh` script as sudo on
> standalone mode (outside Fuego's docker container) we may be exposing
> the user to unwanted overwrites through the `output_dir` argument -
> that's currently being used on CheckScreenshot.
> 
> On this patch, we remove that requirement and also update the REAMDE.md
> with better instructions (discouraging running the script with sudo).
> 
> Given that the install/start scripts may execute commands with
> sudo, we're redirecting the password prompt to the users so that they
> explicitly allow those scripts to execute with root privileges.
> 
> In order to check wether the start script requires root priviledges or
> not, we're using a regexp on pexpect that looks for the string 'password
> for' on the output of the script. That string is subject to locale
> settings, so, in order to avoid problems matching the regexp, we're
> standardizing the locale to english by setting LANG='en_US.UTF-8'.
> 
> Signed-off-by: Guilherme Campos Camargo <guicc at profusion.mobi>
> ---
>  .../Functional.fuego_release_test/README.md   | 10 ++++++++--
>  .../Functional.fuego_release_test/test_run.py | 20 +++++++++++++++++++
>  2 files changed, 28 insertions(+), 2 deletions(-)
> 
> diff --git a/engine/tests/Functional.fuego_release_test/README.md
> b/engine/tests/Functional.fuego_release_test/README.md
> index d9cb7b6..fbe4360 100644
> --- a/engine/tests/Functional.fuego_release_test/README.md
> +++ b/engine/tests/Functional.fuego_release_test/README.md
> @@ -72,8 +72,14 @@ test_run:INFO: Waiting for jenkins on
> '172.17.0.2:8080'...
> 
>  ```
> 
> -Docker commands will be executed from within the script. For that reason,
> you
> -may be required to execute it with `sudo` or as a user with root permissions.
> +Docker commands will be executed from within the script, what means that
> +you will need to make sure that your user is part of the `docker` group
> +for running this script without root permissions.
> +
> +If the install or the start scripts require a password, you will be
> +prompted for the it during the execution.
> +
> +Running this script as root is not recommended.
> 
>  ## Test Classes
> 
> diff --git a/engine/tests/Functional.fuego_release_test/test_run.py
> b/engine/tests/Functional.fuego_release_test/test_run.py
> index 02c5f07..9b96d0d 100755
> --- a/engine/tests/Functional.fuego_release_test/test_run.py
> +++ b/engine/tests/Functional.fuego_release_test/test_run.py
> @@ -9,6 +9,7 @@ import re
>  import subprocess
>  import sys
>  import time
> +from getpass import getpass
>  from io import BytesIO
> 
>  import docker
> @@ -592,12 +593,26 @@ class PexpectContainerSession():
>          self.timeout = timeout
> 
>      def start(self):
> +        def prompt_password_if_needed():
> +            try:
> +                PASSWORD_PROMPT_REGEX = re.compile("password for.+$")
> +                self.client.expect(PASSWORD_PROMPT_REGEX, timeout=1)
> +            except pexpect.exceptions.TIMEOUT:
> +                pass
> +            else:
> +                prompt = self.client.before + self.client.match.group(0)
> +                LOGGER.info("  Start script requires a password...")
> +                password = getpass(prompt=prompt)
> +                self.client.sendline(password)
> +
>          LOGGER.info(
>              "Starting container '%s'...", self.container.container_name)
>          self.client = pexpect.spawnu(
>              '%s %s' % (self.start_script, self.container.container_name),
>              echo=False, timeout=self.timeout)
> 
> +        prompt_password_if_needed()
> +
>          PexpectContainerSession.set_ps1(self.client)
> 
>          LOGGER.info("Container started with the ip '%s'",
> @@ -688,6 +703,7 @@ def main():
>      DEFAULT_START_SCRIPT = 'fuego-host-scripts/docker-start-container.sh'
>      DEFAULT_JENKINS_PORT = 8080
>      DEFAULT_OUTPUT_DIR = '/tmp'
> +    DEFAULT_LOCALE = 'en_US.UTF-8'
> 
>      @atexit.register
>      def cleanup():
> @@ -786,6 +802,10 @@ def main():
>      LOGGER.debug("Changing working dir to '%s'", args.install_dir)
>      os.chdir(args.install_dir)
> 
> +    LOGGER.debug("Setting locale to '%s' to standardize Pexpect output",
> +                 DEFAULT_LOCALE)
> +    os.environ['LANG'] = DEFAULT_LOCALE
> +
>      container = FuegoContainer(args.install_script, args.image_name,
>                                 args.container_name, args.jenkins_port,
>                                 rm_after_test=args.rm_test_container)
> --
> 2.17.0
> 
> _______________________________________________
> Fuego mailing list
> Fuego at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/fuego


More information about the Fuego mailing list