Merge "Secure root password on restore from backup after root-enable"

This commit is contained in:
Jenkins 2013-08-13 20:25:12 +00:00 committed by Gerrit Code Review
commit 39df6f1f12
4 changed files with 9 additions and 10 deletions
trove
guestagent
manager
strategies/restore
tests/unittests/guestagent

@ -114,10 +114,10 @@ class Manager(periodic_task.PeriodicTasks):
self._perform_restore(backup_id, context, CONF.mount_point, app)
LOG.info(_("Securing mysql now."))
app.secure(config_location, config_contents)
if backup_id and MySqlAdmin().is_root_enabled():
enable_root_on_restore = (backup_id and MySqlAdmin().is_root_enabled())
if enable_root_on_restore:
MySqlAdmin().report_root_enabled(context)
else:
app.secure_root()
app.secure_root(secure_remote_root=not enable_root_on_restore)
app.complete_install_or_restart()
if databases:

@ -666,13 +666,14 @@ class MySqlApp(object):
LOG.info(_("Dbaas secure complete."))
def secure_root(self):
def secure_root(self, secure_remote_root=True):
engine = sqlalchemy.create_engine("mysql://root:@localhost:3306",
echo=True)
with LocalSqlClient(engine) as client:
LOG.info(_("Preserving root access from restore"))
self._generate_root_password(client)
self._remove_remote_root_access(client)
if secure_remote_root:
self._remove_remote_root_access(client)
def _install_mysql(self):
"""Install mysql server. The current version is 5.5"""

@ -33,8 +33,7 @@ BACKUP_DECRYPT_KEY = CONF.backup_aes_cbc_key
RESET_ROOT_RETRY_TIMEOUT = 100
RESET_ROOT_SLEEP_INTERVAL = 10
RESET_ROOT_MYSQL_COMMAND = """
UPDATE mysql.user SET Password=PASSWORD('') WHERE User='root';
FLUSH PRIVILEGES;
SET PASSWORD FOR 'root'@'localhost'=PASSWORD('');
"""

@ -156,7 +156,7 @@ class GuestAgentManagerTest(testtools.TestCase):
when(dbaas.MySqlApp).install_if_needed().thenReturn(None)
when(backup).restore(self.context, backup_id).thenReturn(None)
when(dbaas.MySqlApp).secure(any()).thenReturn(None)
when(dbaas.MySqlApp).secure_root().thenReturn(None)
when(dbaas.MySqlApp).secure_root(any()).thenReturn(None)
when(dbaas.MySqlApp).is_installed().thenReturn(is_mysql_installed)
when(dbaas.MySqlAdmin).is_root_enabled().thenReturn(is_root_enabled)
when(dbaas.MySqlAdmin).create_user().thenReturn(None)
@ -186,7 +186,6 @@ class GuestAgentManagerTest(testtools.TestCase):
verify(dbaas.MySqlAdmin, never).create_database()
verify(dbaas.MySqlAdmin, never).create_user()
times_report = 1 if is_root_enabled else 0
times_reset_root = 1 if not backup_id or not is_root_enabled else 0
verify(dbaas.MySqlApp, times=times_reset_root).secure_root()
verify(dbaas.MySqlApp).secure_root(secure_remote_root=any())
verify(dbaas.MySqlAdmin, times=times_report).report_root_enabled(
self.context)