jenkins-bot has submitted this change and it was merged.
Change subject: Add <displayname>.<domain> to each sudoer host.
......................................................................
Add <displayname>.<domain> to each sudoer host.
This is a bit of a hack to support backwards-compatibility.
Old (pre-essex) instances identify themselves with a fqdn
like i-xxxxxxx.<domain>. Newer instances identify themselves
as <displayname>.<domain>. Previously our sudoer code
only registered i-xxxxx names, so per-host sudo policies
only worked for those older instances.
Now we just register both kinds of fqdn as part of a sudoer,
in order to support both old and new instances. The GUI
consolidates both entries into one checkbox that looks
the same as before.
Change-Id: I46a63611d0fc731b0fb6bc82aadda48134ec08f1
---
M nova/OpenStackNovaSudoer.php
M special/SpecialNovaSudoer.php
2 files changed, 25 insertions(+), 3 deletions(-)
Approvals:
Ryan Lane: Looks good to me, approved
jenkins-bot: Verified
diff --git a/nova/OpenStackNovaSudoer.php b/nova/OpenStackNovaSudoer.php
index 6ee6437..1dd80f7 100644
--- a/nova/OpenStackNovaSudoer.php
+++ b/nova/OpenStackNovaSudoer.php
@@ -136,7 +136,7 @@
}
/**
- * Modify a new sudoer based on users, hosts, commands, and options.
+ * Modify a sudoer based on users, hosts, commands, and options.
*
* @param $users
* @param $hosts
@@ -156,6 +156,14 @@
$sudoer['sudohost'] = array();
foreach ( $hosts as $host ) {
$sudoer['sudohost'][] = $host;
+
+ // For good measure, put the display name in there too.
+ // modern instances identify themselves that way.
+ list ( $name, $domain ) = explode( '.', $host );
+ $domainobj = OpenStackNovaDomain::getDomainByName(
$domain );
+ $hostobj = OpenStackNovaHost::getHostByName( $name,
$domainobj );
+ $displayfqdn = $hostobj->getFullyQualifiedDisplayName();
+ $sudoer['sudohost'][] = $displayfqdn;
}
$sudoer['sudorunasuser'] = array();
foreach ( $runasuser as $runas ) {
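Review bot: The added lookup in the `foreach ( $hosts as $host )` loop has no failure path, so `$hostobj->getFullyQualifiedDisplayName()` is called even when the domain or host lookup found nothing. A host value with no dot (the special page treats 'ALL' as a valid sudo host) leaves `$domain` unset after `list ( $name, $domain ) = explode( '.', $host )`, and a stale or deleted host presumably makes `getHostByName` return nothing; either case would abort the save or write an empty `sudohost` value into the policy. The same applies to the identical block in the `@@ -282,6 +290,14 @@` hunk. Since `sudohost` decides where a sudo rule applies, it is also worth confirming that display names are unique and cannot be reused by a different instance, otherwise the rule would follow the name rather than the machine. The enclosing function starts and ends outside the hunk.
```php
$sudoer['sudohost'][] = $host;

// 'ALL' and other dot-less entries have no domain part to look up.
$parts = explode( '.', $host );
if ( count( $parts ) < 2 ) {
	continue;
}
$domainobj = OpenStackNovaDomain::getDomainByName( $parts[1] );
$hostobj = $domainobj ? OpenStackNovaHost::getHostByName( $parts[0], $domainobj ) : null;
if ( $hostobj ) {
	// Modern instances identify themselves by display name.
	$sudoer['sudohost'][] = $hostobj->getFullyQualifiedDisplayName();
}
// … unchanged: sudorunasuser loop …
```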
@@ -282,6 +290,14 @@
}
foreach ( $hosts as $host ) {
$sudoer['sudohost'][] = $host;
+
+ // For good measure, put the display name in there too.
+ // modern instances identify themselves that way.
+ list ( $name, $domain ) = explode( '.', $host );
+ $domainobj = new OpenStackNovaDomain( $domain );
+ $hostobj = OpenStackNovaHost::getHostByName( $name,
$domainobj );
+ $displayfqdn = $hostobj->getFullyQualifiedDisplayName();
+ $sudoer['sudohost'][] = $displayfqdn;
}
foreach ( $runasuser as $runas ) {
$sudoer['sudorunasuser'][] = $runas;
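Review bot: This copy of the display-name block builds the domain with `new OpenStackNovaDomain( $domain )`, while the otherwise identical block in the `@@ -156,6 +156,14 @@` hunk uses `OpenStackNovaDomain::getDomainByName( $domain )`. If the constructor does not perform the same lookup, the create and modify paths could register different `sudohost` values for the same host, so I would use `$domainobj = OpenStackNovaDomain::getDomainByName( $domain );` here as well. Better still, move the eight duplicated lines into one private helper that returns the display FQDN (or nothing on a failed lookup), so both paths stay in step. The enclosing function starts and ends outside the hunk.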
diff --git a/special/SpecialNovaSudoer.php b/special/SpecialNovaSudoer.php
index 2838010..44494f6 100644
--- a/special/SpecialNovaSudoer.php
+++ b/special/SpecialNovaSudoer.php
@@ -479,9 +479,13 @@
foreach ( $instances as $instance ) {
$host = $instance->getHost();
if ( $host ) {
- $fqdn =
$host->getFullyQualifiedHostName();
// $instanceNames will be output later
with no change of escaping
+ $fqdn =
$host->getFullyQualifiedHostName();
$instanceNames[$fqdn] = htmlentities(
$instance->getInstanceName() . ' (' . $region . ')' );
+
+ // We might have stored this as a
display rather than as i-xxxxx:
+ $displayfqdn =
$host->getFullyQualifiedDisplayName();
+ $instanceNames[$displayfqdn] =
htmlentities( $instance->getInstanceName() . ' (' . $region . ')' );
}
}
}
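Review bot: The label `htmlentities( $instance->getInstanceName() . ' (' . $region . ')' )` is now built twice, once per key, and the later de-duplication only works while both copies stay byte-identical. Computing it once, `$label = htmlentities( ... );`, and assigning `$instanceNames[$fqdn] = $label; $instanceNames[$displayfqdn] = $label;` makes that dependency explicit. The existing comment says these values are output later without further escaping; `htmlentities` with default flags leaves single quotes unescaped on PHP before 8.1, so passing `ENT_QUOTES` would be safer if a label can end up inside a single-quoted attribute. The loop's surrounding function is outside the hunk.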
@@ -504,7 +508,9 @@
$sudoHostNames = array();
foreach ( $sudoHosts as $sudoHost ) {
if ( array_key_exists( $sudoHost,
$instanceNames ) ) {
- $sudoHostNames[] =
$instanceNames[$sudoHost];
+ if ( ! in_array(
$instanceNames[$sudoHost], $sudoHostNames ) ) {
+ $sudoHostNames[] =
$instanceNames[$sudoHost];
+ }
}
}
if ( in_array( 'ALL', $sudoHosts ) ) {
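Review bot: The new duplicate check `in_array( $instanceNames[$sudoHost], $sudoHostNames )` compares rendered labels rather than hosts, so two different instances whose name and region render to the same string would be shown as a single entry in the sudo policy listing. That is presumably fine if instance names are unique per region, but it deserves a comment such as `// i-xxxxx and display-name entries share one label; collapse them` so the reliance on identical labels is visible. The comparison is also loose; `in_array( $instanceNames[$sudoHost], $sudoHostNames, true )` avoids PHP's type-juggling equality.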
--
To view, visit https://gerrit.wikimedia.org/r/64303
Gerrit-MessageType: merged
Gerrit-Change-Id: I46a63611d0fc731b0fb6bc82aadda48134ec08f1
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/OpenStackManager
Gerrit-Branch: master
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: DamianZaremba <[email protected]>
Gerrit-Reviewer: Ryan Lane <[email protected]>
Gerrit-Reviewer: jenkins-bot