]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commitdiff
Code Review / openstack-build / neutron-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 04d2e9b)
Remove root_helper arg from IptablesManager
authorTerry Wilson <twilson@redhat.com>
Tue, 10 Feb 2015 03:32:58 +0000 (21:32 -0600)
committerHenry Gessau <gessau@cisco.com>
Wed, 18 Feb 2015 11:39:38 +0000 (11:39 +0000)
Partially-Implements: blueprint rootwrap-daemon-mode
Change-Id: I4b7da37df4256a1019f16c587e1738175861030e

neutron/agent/l3/dvr.py patch | blob | history
neutron/agent/l3/dvr_fip_ns.py patch | blob | history
neutron/agent/l3/router_info.py patch | blob | history
neutron/agent/linux/iptables_firewall.py patch | blob | history
neutron/agent/linux/iptables_manager.py patch | blob | history
neutron/services/metering/drivers/iptables/iptables_driver.py patch | blob | history
neutron/tests/functional/agent/linux/test_ipset.py patch | blob | history
neutron/tests/functional/agent/linux/test_iptables.py patch | blob | history
neutron/tests/unit/services/metering/drivers/test_iptables_driver.py patch | blob | history
neutron/tests/unit/test_iptables_manager.py patch | blob | history
neutron/tests/unit/test_security_groups_rpc.py patch | blob | history

diff --git a/neutron/agent/l3/dvr.py b/neutron/agent/l3/dvr.py
index 64eed255219e061d74dddfdfa87d76f636ae8320..ebf4358abc078b7c9f926e1d19a17ddce8a02fcc 100644 (file)
--- a/neutron/agent/l3/dvr.py
+++ b/neutron/agent/l3/dvr.py
@@ -165,7 +165,6 @@ class AgentMixin(object):
         self._external_gateway_added(ri, ex_gw_port, gw_interface_name,
                                      snat_ns_name, preserve_ips=[])
         ri.snat_iptables_manager = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             namespace=snat_ns_name,
             use_ipv6=self.use_ipv6)
         # kicks the FW Agent to add rules for the snat namespace
diff --git a/neutron/agent/l3/dvr_fip_ns.py b/neutron/agent/l3/dvr_fip_ns.py
index b11dc1345843879a88aff93bb3bf8e6aea8a0c7d..154d1f0415539e2ed22a34f391f31b47ecdd6710 100644 (file)
--- a/neutron/agent/l3/dvr_fip_ns.py
+++ b/neutron/agent/l3/dvr_fip_ns.py
@@ -47,7 +47,6 @@ class FipNamespace(object):
         self._subscribers = set()
         self._rule_priorities = set(range(FIP_PR_START, FIP_PR_END))
         self._iptables_manager = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             namespace=self.get_name(),
             use_ipv6=self.use_ipv6)
         path = os.path.join(agent_conf.state_path, 'fip-linklocal-networks')
diff --git a/neutron/agent/l3/router_info.py b/neutron/agent/l3/router_info.py
index e6cafe44bce63ec719b5a25df50a797f4a175bee..2fbbdc450957e8ae3859ef56c066db1dfc8e5ecf 100644 (file)
--- a/neutron/agent/l3/router_info.py
+++ b/neutron/agent/l3/router_info.py
@@ -41,7 +41,6 @@ class RouterInfo(object):
         self.router = router
         self.ns_name = ns_name
         self.iptables_manager = iptables_manager.IptablesManager(
-            root_helper=root_helper,
             use_ipv6=use_ipv6,
             namespace=self.ns_name)
         self.routes = []
diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py
index 691e0a0bb85cce5a27e6a375b135f0ff884f021d..285b5de94738be4907326618cfd54fcb30f470ce 100644 (file)
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@@ -50,7 +50,6 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
     def __init__(self):
         self.root_helper = cfg.CONF.AGENT.root_helper
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=ipv6_utils.is_enabled())
         # TODO(majopela, shihanzhang): refactor out ipset to a separate
         # driver composed over this one
diff --git a/neutron/agent/linux/iptables_manager.py b/neutron/agent/linux/iptables_manager.py
index 7a7ab6275846fa5c907f7d759451065a06610369..5adf1d227cec00af53c8bd62ffe8f229bd0a8c73 100644 (file)
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
@@ -281,9 +281,8 @@ class IptablesManager(object):
 
     """
 
-    def __init__(self, _execute=None, state_less=False,
-                 root_helper=None, use_ipv6=False, namespace=None,
-                 binary_name=binary_name):
+    def __init__(self, _execute=None, state_less=False, use_ipv6=False,
+                 namespace=None, binary_name=binary_name):
         if _execute:
             self.execute = _execute
         else:
@@ -291,7 +290,6 @@ class IptablesManager(object):
 
         config.register_iptables_opts(cfg.CONF)
         self.use_ipv6 = use_ipv6
-        self.root_helper = root_helper
         self.namespace = namespace
         self.iptables_apply_deferred = False
         self.wrap_name = binary_name[:16]
@@ -430,7 +428,7 @@ class IptablesManager(object):
             args = ['%s-save' % (cmd,), '-c']
             if self.namespace:
                 args = ['ip', 'netns', 'exec', self.namespace] + args
-            all_tables = self.execute(args, root_helper=self.root_helper)
+            all_tables = self.execute(args, run_as_root=True)
             all_lines = all_tables.split('\n')
             # Traverse tables in sorted order for predictable dump output
             for table_name in sorted(tables):
@@ -444,7 +442,7 @@ class IptablesManager(object):
                 args = ['ip', 'netns', 'exec', self.namespace] + args
             try:
                 self.execute(args, process_input='\n'.join(all_lines),
-                             root_helper=self.root_helper)
+                             run_as_root=True)
             except RuntimeError as r_error:
                 with excutils.save_and_reraise_exception():
                     try:
@@ -693,8 +691,7 @@ class IptablesManager(object):
                 args.append('-Z')
             if self.namespace:
                 args = ['ip', 'netns', 'exec', self.namespace] + args
-            current_table = (self.execute(args,
-                             root_helper=self.root_helper))
+            current_table = self.execute(args, run_as_root=True)
             current_lines = current_table.split('\n')
 
             for line in current_lines[2:]:
diff --git a/neutron/services/metering/drivers/iptables/iptables_driver.py b/neutron/services/metering/drivers/iptables/iptables_driver.py
index afacc46ab7a74d0173c2acaf4b615df161934a36..395cf818bc212ac1e6292c3b658188b901ee4ec6 100644 (file)
--- a/neutron/services/metering/drivers/iptables/iptables_driver.py
+++ b/neutron/services/metering/drivers/iptables/iptables_driver.py
@@ -73,7 +73,6 @@ class RouterWithMetering(object):
         self.root_helper = config.get_root_helper(self.conf)
         self.ns_name = NS_PREFIX + self.id if conf.use_namespaces else None
         self.iptables_manager = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             namespace=self.ns_name,
             binary_name=WRAP_NAME,
             use_ipv6=ipv6_utils.is_enabled())
diff --git a/neutron/tests/functional/agent/linux/test_ipset.py b/neutron/tests/functional/agent/linux/test_ipset.py
index c447e0018e17cb32cd70bc66c9ea0975d42e61cb..13340afeb6e2661603a3f719a96a8d9a8d6ea6ca 100644 (file)
--- a/neutron/tests/functional/agent/linux/test_ipset.py
+++ b/neutron/tests/functional/agent/linux/test_ipset.py
@@ -33,7 +33,6 @@ class IpsetBase(base.BaseIPVethTestCase):
                                                         IPSET_SET)
 
         self.dst_iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             namespace=self.dst_ns.namespace)
 
         self._add_iptables_ipset_rules(self.dst_iptables)
diff --git a/neutron/tests/functional/agent/linux/test_iptables.py b/neutron/tests/functional/agent/linux/test_iptables.py
index 8634fddc29ce903b797f9b468d170d01335f05b2..bbdbe8815ab1082d28d8d129326771b0a2f38f63 100644 (file)
--- a/neutron/tests/functional/agent/linux/test_iptables.py
+++ b/neutron/tests/functional/agent/linux/test_iptables.py
@@ -35,10 +35,8 @@ class IptablesManagerTestCase(base.BaseIPVethTestCase):
 
     def create_firewalls(self):
         client_iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             namespace=self.client_ns.namespace)
         server_iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             namespace=self.server_ns.namespace)
 
         return client_iptables, server_iptables
diff --git a/neutron/tests/unit/services/metering/drivers/test_iptables_driver.py b/neutron/tests/unit/services/metering/drivers/test_iptables_driver.py
index 5a6202fd4e6c4f0caa39551d2f0ec8965b4672e1..e9bef2313096f770b9b0510baebb426f0ccf1adc 100644 (file)
--- a/neutron/tests/unit/services/metering/drivers/test_iptables_driver.py
+++ b/neutron/tests/unit/services/metering/drivers/test_iptables_driver.py
@@ -81,14 +81,6 @@ class IptablesDriverTestCase(base.BaseTestCase):
         self.metering = iptables_driver.IptablesMeteringDriver('metering',
                                                                cfg.CONF)
 
-    def test_root_helper(self):
-        self.metering.add_metering_label(None, TEST_ROUTERS)
-
-        self.iptables_cls.assert_called_with(root_helper='fake_sudo',
-                                             namespace=mock.ANY,
-                                             binary_name=mock.ANY,
-                                             use_ipv6=mock.ANY)
-
     def test_add_metering_label(self):
         routers = TEST_ROUTERS[:1]
 
diff --git a/neutron/tests/unit/test_iptables_manager.py b/neutron/tests/unit/test_iptables_manager.py
index 727c1ebcd91b1e6987505c3062d8be679651ff08..e5af48eaf820f56a4fafb3a78a03a6da38c58494 100644 (file)
--- a/neutron/tests/unit/test_iptables_manager.py
+++ b/neutron/tests/unit/test_iptables_manager.py
@@ -132,9 +132,7 @@ class IptablesCommentsTestCase(base.BaseTestCase):
         super(IptablesCommentsTestCase, self).setUp()
         cfg.CONF.register_opts(a_cfg.IPTABLES_OPTS, 'AGENT')
         cfg.CONF.set_override('comment_iptables_rules', True, 'AGENT')
-        self.root_helper = 'sudo'
-        self.iptables = (iptables_manager.
-                         IptablesManager(root_helper=self.root_helper))
+        self.iptables = iptables_manager.IptablesManager()
         self.execute = mock.patch.object(self.iptables, "execute").start()
 
     def test_comments_short_enough(self):
@@ -157,20 +155,20 @@ class IptablesCommentsTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(raw_dump + COMMENTED_NAT_DUMP +
                                       mangle_dump + filter_dump_mod),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(raw_dump + COMMENTED_NAT_DUMP +
                                       mangle_dump + FILTER_DUMP),
-                       root_helper=self.root_helper
+                       run_as_root=True
                        ),
              None),
         ]
@@ -233,8 +231,7 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
         cfg.CONF.register_opts(a_cfg.IPTABLES_OPTS, 'AGENT')
         cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
         self.root_helper = 'sudo'
-        self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper)
+        self.iptables = iptables_manager.IptablesManager()
         self.execute = mock.patch.object(self.iptables, "execute").start()
 
     def test_binary_name(self):
@@ -254,27 +251,26 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
     def _extend_with_ip6tables_filter(self, expected_calls, filter_dump):
         expected_calls.insert(2, (
             mock.call(['ip6tables-save', '-c'],
-                      root_helper=self.root_helper),
+                      run_as_root=True),
             ''))
         expected_calls.insert(3, (
             mock.call(['ip6tables-restore', '-c'],
                       process_input=filter_dump,
-                      root_helper=self.root_helper),
+                      run_as_root=True),
             None))
         expected_calls.extend([
             (mock.call(['ip6tables-save', '-c'],
-                      root_helper=self.root_helper),
+                      run_as_root=True),
              ''),
             (mock.call(['ip6tables-restore', '-c'],
                       process_input=filter_dump,
-                      root_helper=self.root_helper),
+                      run_as_root=True),
              None)])
 
     def _test_add_and_remove_chain_custom_binary_name_helper(self, use_ipv6):
         bn = ("abcdef" * 5)
 
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             binary_name=bn,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
@@ -294,20 +290,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(raw_dump + nat_dump + mangle_dump +
                                       filter_dump_mod),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(raw_dump + nat_dump + mangle_dump +
                                       filter_dump),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
         ]
         if use_ipv6:
@@ -334,7 +330,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
         bn = ("abcdef" * 5)[:16]
 
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             binary_name=bn,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
@@ -355,20 +350,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(raw_dump + nat_dump + mangle_dump +
                                       filter_dump_mod),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(raw_dump + nat_dump + mangle_dump +
                                       filter_dump),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
         ]
         if use_ipv6:
@@ -395,7 +390,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
     def _test_add_and_remove_chain_helper(self, use_ipv6):
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
 
@@ -403,20 +397,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
                                       filter_dump_mod),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
         ]
         if use_ipv6:
@@ -441,7 +435,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
     def _test_add_filter_rule_helper(self, use_ipv6):
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
 
@@ -455,20 +448,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
                                       filter_dump_mod),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper
+                       run_as_root=True
                        ),
              None),
         ]
@@ -504,7 +497,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
     def _test_rule_with_wrap_target_helper(self, use_ipv6):
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
 
@@ -537,20 +529,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
                                       filter_dump_mod),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
         ]
         if use_ipv6:
@@ -582,7 +574,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
     def _test_add_mangle_rule_helper(self, use_ipv6):
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
 
@@ -607,20 +598,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + mangle_dump_mod +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
         ]
         if use_ipv6:
@@ -653,7 +644,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
     def _test_add_nat_rule_helper(self, use_ipv6):
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
 
@@ -684,20 +674,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + nat_dump_mod + MANGLE_DUMP +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + nat_dump + MANGLE_DUMP +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
         ]
         if use_ipv6:
@@ -736,7 +726,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
     def _test_add_raw_rule_helper(self, use_ipv6):
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
 
@@ -754,20 +743,20 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
         expected_calls_and_values = [
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(raw_dump_mod + NAT_DUMP + MANGLE_DUMP +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
             (mock.call(['iptables-save', '-c'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables-restore', '-c'],
                        process_input=(RAW_DUMP + NAT_DUMP + MANGLE_DUMP +
                                       FILTER_DUMP),
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              None),
         ]
         if use_ipv6:
@@ -890,7 +879,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
     def _test_get_traffic_counters_helper(self, use_ipv6):
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
         exp_packets = 800
@@ -899,26 +887,26 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
         expected_calls_and_values = [
             (mock.call(['iptables', '-t', 'filter', '-L', 'OUTPUT',
                         '-n', '-v', '-x'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              TRAFFIC_COUNTERS_DUMP),
             (mock.call(['iptables', '-t', 'raw', '-L', 'OUTPUT', '-n',
                         '-v', '-x'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables', '-t', 'mangle', '-L', 'OUTPUT', '-n',
                         '-v', '-x'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables', '-t', 'nat', '-L', 'OUTPUT', '-n',
                         '-v', '-x'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
         ]
         if use_ipv6:
             expected_calls_and_values.append(
                 (mock.call(['ip6tables', '-t', 'filter', '-L', 'OUTPUT',
                            '-n', '-v', '-x'],
-                           root_helper=self.root_helper),
+                           run_as_root=True),
                  TRAFFIC_COUNTERS_DUMP))
             exp_packets *= 2
             exp_bytes *= 2
@@ -940,7 +928,6 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
 
     def _test_get_traffic_counters_with_zero_helper(self, use_ipv6):
         self.iptables = iptables_manager.IptablesManager(
-            root_helper=self.root_helper,
             use_ipv6=use_ipv6)
         self.execute = mock.patch.object(self.iptables, "execute").start()
         exp_packets = 800
@@ -949,26 +936,26 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
         expected_calls_and_values = [
             (mock.call(['iptables', '-t', 'filter', '-L', 'OUTPUT',
                         '-n', '-v', '-x', '-Z'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              TRAFFIC_COUNTERS_DUMP),
             (mock.call(['iptables', '-t', 'raw', '-L', 'OUTPUT', '-n',
                         '-v', '-x', '-Z'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables', '-t', 'mangle', '-L', 'OUTPUT', '-n',
                         '-v', '-x', '-Z'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              ''),
             (mock.call(['iptables', '-t', 'nat', '-L', 'OUTPUT', '-n',
                         '-v', '-x', '-Z'],
-                       root_helper=self.root_helper),
+                       run_as_root=True),
              '')
         ]
         if use_ipv6:
             expected_calls_and_values.append(
                 (mock.call(['ip6tables', '-t', 'filter', '-L', 'OUTPUT',
                             '-n', '-v', '-x', '-Z'],
-                           root_helper=self.root_helper),
+                           run_as_root=True),
                  TRAFFIC_COUNTERS_DUMP))
             exp_packets *= 2
             exp_bytes *= 2
diff --git a/neutron/tests/unit/test_security_groups_rpc.py b/neutron/tests/unit/test_security_groups_rpc.py
index c1ffc4073d820d51440d08887c03414e3574b663..a647e221c4876c76de3d4c4eabf5a12faf32adfa 100644 (file)
--- a/neutron/tests/unit/test_security_groups_rpc.py
+++ b/neutron/tests/unit/test_security_groups_rpc.py
@@ -2633,22 +2633,22 @@ class TestSecurityGroupAgentWithIptables(base.BaseTestCase):
     def _replay_iptables(self, v4_filter, v6_filter):
         self._register_mock_call(
             ['iptables-save', '-c'],
-            root_helper=self.root_helper,
+            run_as_root=True,
             return_value='')
         self._register_mock_call(
             ['iptables-restore', '-c'],
             process_input=self._regex(IPTABLES_RAW + IPTABLES_NAT +
                                       IPTABLES_MANGLE + v4_filter),
-            root_helper=self.root_helper,
+            run_as_root=True,
             return_value='')
         self._register_mock_call(
             ['ip6tables-save', '-c'],
-            root_helper=self.root_helper,
+            run_as_root=True,
             return_value='')
         self._register_mock_call(
             ['ip6tables-restore', '-c'],
             process_input=self._regex(v6_filter),
-            root_helper=self.root_helper,
+            run_as_root=True,
             return_value='')
 
     def test_prepare_remove_port(self):