Google Git
Sign in
android / platform / external / autotest / ff78f11ff85372a1e2f8ddf8eefbc8b772686148^! / . / site_utils / lxc_config.py
commitff78f11ff85372a1e2f8ddf8eefbc8b772686148[log] [tgz]
authorDan Shi <[email protected]>Fri Jun 12 13:34:02 2015 -0700
committerChromeOS Commit Bot <[email protected]>Tue Jun 23 20:41:03 2015 +0000
tree8b9deea5dd518c2acf4a83df4cfe6c8fd8873826
parent6aa125d8901f8c2baa11403ea109b9315446ef66 [diff] [blame]
[autotest] Pass current user into container for RPC usage

RPC is called using current OS user if not specified (frontend.py). This causes
an issue for autoserv running inside container, as the OS user is always root.
The root user may fail check_for_acl_violation_hosts if a host has special ACL
that does not allow `everyone`.

This CL add an SSP/user config in global config, lxc related code is updated so
that the OS user of autoserv running in host will be passed into the container
through shadow_config.ini. And frontend will use such user to make RPC.

BUG=chromium:480525,chromium:502897
TEST=local
sudo python site_utils/lxc_functional_test.py -v -s
attach to the container
update SSP/user with a user name (existing one should be root as the process
site_utils/lxc_functional_test.py is executed with sudo)
update frontend.py with code in this CL (this means only newer builds won't
be hit by this bug.)
run some RPC:
import common
from autotest_lib.server.cros.dynamic_suite import frontend_wrappers
_AFE = frontend_wrappers.RetryingAFE()
print _AFE.run('get_stable_version')

Also make sure afe in the host still works.

Change-Id: I9ba924e2652fadffa71d6298f74c5b82e8e26b4e
Reviewed-on: https://chromium-review.googlesource.com/281062
Trybot-Ready: Dan Shi <[email protected]>
Tested-by: Dan Shi <[email protected]>
Reviewed-by: Simran Basi <[email protected]>
Commit-Queue: Dan Shi <[email protected]>

diff --git a/site_utils/lxc_config.py b/site_utils/lxc_config.py
index b66689d..d6b331c 100644
--- a/site_utils/lxc_config.py
+++ b/site_utils/lxc_config.py

@@ -51,6 +51,7 @@
 """
 
 import collections
+import getpass
 import json
 import os
 import socket
@@ -219,6 +220,9 @@
         2. Update AUTOTEST_WEB/host and SERVER/hostname to be the IP of the host
            if any is set to localhost or 127.0.0.1. Otherwise, set it to be the
            FQDN of the config value.
+        3. Update SSP/user, which is used as the user makes RPC inside the
+           container. This allows the RPC to pass ACL check as if the call is
+           made in the host.
 
         """
         shadow_config = os.path.join(CONTAINER_AUTOTEST_DIR,
@@ -249,6 +253,11 @@
         self.container.attach_run('echo $\'\n[SERVER]\nhostname: %s\n\' >> %s' %
                                   (new_host, shadow_config))
 
+        # Update SSP/user
+        self.container.attach_run(
+                'echo $\'\n[SSP]\nuser: %s\n\' >> %s' %
+                (getpass.getuser(), shadow_config))
+
 
     def _modify_ssh_config(self):
         """Modify ssh config for it to work inside container.