Merge "Secure root password on restore from backup after root-enable"
This commit is contained in:
commit
39df6f1f12
trove
guestagent
tests/unittests/guestagent
@ -114,10 +114,10 @@ class Manager(periodic_task.PeriodicTasks):
|
||||
self._perform_restore(backup_id, context, CONF.mount_point, app)
|
||||
LOG.info(_("Securing mysql now."))
|
||||
app.secure(config_location, config_contents)
|
||||
if backup_id and MySqlAdmin().is_root_enabled():
|
||||
enable_root_on_restore = (backup_id and MySqlAdmin().is_root_enabled())
|
||||
if enable_root_on_restore:
|
||||
MySqlAdmin().report_root_enabled(context)
|
||||
else:
|
||||
app.secure_root()
|
||||
app.secure_root(secure_remote_root=not enable_root_on_restore)
|
||||
app.complete_install_or_restart()
|
||||
|
||||
if databases:
|
||||
|
@ -666,13 +666,14 @@ class MySqlApp(object):
|
||||
|
||||
LOG.info(_("Dbaas secure complete."))
|
||||
|
||||
def secure_root(self):
|
||||
def secure_root(self, secure_remote_root=True):
|
||||
engine = sqlalchemy.create_engine("mysql://root:@localhost:3306",
|
||||
echo=True)
|
||||
with LocalSqlClient(engine) as client:
|
||||
LOG.info(_("Preserving root access from restore"))
|
||||
self._generate_root_password(client)
|
||||
self._remove_remote_root_access(client)
|
||||
if secure_remote_root:
|
||||
self._remove_remote_root_access(client)
|
||||
|
||||
def _install_mysql(self):
|
||||
"""Install mysql server. The current version is 5.5"""
|
||||
|
@ -33,8 +33,7 @@ BACKUP_DECRYPT_KEY = CONF.backup_aes_cbc_key
|
||||
RESET_ROOT_RETRY_TIMEOUT = 100
|
||||
RESET_ROOT_SLEEP_INTERVAL = 10
|
||||
RESET_ROOT_MYSQL_COMMAND = """
|
||||
UPDATE mysql.user SET Password=PASSWORD('') WHERE User='root';
|
||||
FLUSH PRIVILEGES;
|
||||
SET PASSWORD FOR 'root'@'localhost'=PASSWORD('');
|
||||
"""
|
||||
|
||||
|
||||
|
@ -156,7 +156,7 @@ class GuestAgentManagerTest(testtools.TestCase):
|
||||
when(dbaas.MySqlApp).install_if_needed().thenReturn(None)
|
||||
when(backup).restore(self.context, backup_id).thenReturn(None)
|
||||
when(dbaas.MySqlApp).secure(any()).thenReturn(None)
|
||||
when(dbaas.MySqlApp).secure_root().thenReturn(None)
|
||||
when(dbaas.MySqlApp).secure_root(any()).thenReturn(None)
|
||||
when(dbaas.MySqlApp).is_installed().thenReturn(is_mysql_installed)
|
||||
when(dbaas.MySqlAdmin).is_root_enabled().thenReturn(is_root_enabled)
|
||||
when(dbaas.MySqlAdmin).create_user().thenReturn(None)
|
||||
@ -186,7 +186,6 @@ class GuestAgentManagerTest(testtools.TestCase):
|
||||
verify(dbaas.MySqlAdmin, never).create_database()
|
||||
verify(dbaas.MySqlAdmin, never).create_user()
|
||||
times_report = 1 if is_root_enabled else 0
|
||||
times_reset_root = 1 if not backup_id or not is_root_enabled else 0
|
||||
verify(dbaas.MySqlApp, times=times_reset_root).secure_root()
|
||||
verify(dbaas.MySqlApp).secure_root(secure_remote_root=any())
|
||||
verify(dbaas.MySqlAdmin, times=times_report).report_root_enabled(
|
||||
self.context)
|
||||
|
Loading…
x
Reference in New Issue
Block a user