Remove root_helper arg from IpsetManager

Change-Id: I174f109b5d60ec6d5514ffbcdbc097271ea41758
Partially-Implements: blueprint rootwrap-daemon-mode

diff --git a/neutron/agent/linux/ipset_manager.py b/neutron/agent/linux/ipset_manager.py
index 703eb00d1fc661dd0685bcfac6225a0b5c0af8ac..e5ab7a01e9c5813e4e1035b43158d434968c3a2f 100644 (file)
--- a/neutron/agent/linux/ipset_manager.py
+++ b/neutron/agent/linux/ipset_manager.py
@@ -26,9 +26,8 @@ class IpsetManager(object):
        or single ip add/remove for smaller changes.
     """
 
-    def __init__(self, execute=None, root_helper=None, namespace=None):
+    def __init__(self, execute=None, namespace=None):
         self.execute = execute or linux_utils.execute
-        self.root_helper = root_helper
         self.namespace = namespace
         self.ipset_sets = {}
 
@@ -113,9 +112,7 @@ class IpsetManager(object):
         if self.namespace:
             cmd_ns.extend(['ip', 'netns', 'exec', self.namespace])
         cmd_ns.extend(cmd)
-        self.execute(cmd_ns,
-                     root_helper=self.root_helper,
-                     process_input=input)
+        self.execute(cmd_ns, run_as_root=True, process_input=input)
 
     def _get_new_set_ips(self, set_name, expected_ips):
         new_member_ips = (set(expected_ips) -

diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py
index 285b5de94738be4907326618cfd54fcb30f470ce..f5ee7a9edc7215a3a911f5709b24c9bce5703215 100644 (file)
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@@ -48,12 +48,11 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
                           EGRESS_DIRECTION: 'physdev-in'}
 
     def __init__(self):
-        self.root_helper = cfg.CONF.AGENT.root_helper
         self.iptables = iptables_manager.IptablesManager(
             use_ipv6=ipv6_utils.is_enabled())
         # TODO(majopela, shihanzhang): refactor out ipset to a separate
         # driver composed over this one
-        self.ipset = ipset_manager.IpsetManager(root_helper=self.root_helper)
+        self.ipset = ipset_manager.IpsetManager()
         # list of port which has security group
         self.filtered_ports = {}
         self._add_fallback_chain_v4v6()

diff --git a/neutron/tests/functional/agent/linux/test_ipset.py b/neutron/tests/functional/agent/linux/test_ipset.py
index 13340afeb6e2661603a3f719a96a8d9a8d6ea6ca..ebe45ff52f58e27b13632f95e4bf7f8eca66bdc9 100644 (file)
--- a/neutron/tests/functional/agent/linux/test_ipset.py
+++ b/neutron/tests/functional/agent/linux/test_ipset.py
@@ -39,7 +39,6 @@ class IpsetBase(base.BaseIPVethTestCase):
 
     def _create_ipset_manager_and_set(self, dst_ns, set_name):
         ipset = ipset_manager.IpsetManager(
-            root_helper=self.root_helper,
             namespace=dst_ns.namespace)
 
         ipset._create_set(set_name, IPSET_ETHERTYPE)

diff --git a/neutron/tests/unit/agent/linux/test_ipset_manager.py b/neutron/tests/unit/agent/linux/test_ipset_manager.py
index 70b9637b17d257984638673429631658a8f70cc4..cbd156218ffe2b7a5deb7929a1aaa5c5aef6a7d9 100644 (file)
--- a/neutron/tests/unit/agent/linux/test_ipset_manager.py
+++ b/neutron/tests/unit/agent/linux/test_ipset_manager.py
@@ -27,9 +27,7 @@ FAKE_IPS = ['10.0.0.1', '10.0.0.2', '10.0.0.3', '10.0.0.4',
 class BaseIpsetManagerTest(base.BaseTestCase):
     def setUp(self):
         super(BaseIpsetManagerTest, self).setUp()
-        self.root_helper = 'sudo'
-        self.ipset = ipset_manager.IpsetManager(
-            root_helper=self.root_helper)
+        self.ipset = ipset_manager.IpsetManager()
         self.execute = mock.patch.object(self.ipset, "execute").start()
         self.expected_calls = []
         self.expect_create()
@@ -44,38 +42,38 @@ class BaseIpsetManagerTest(base.BaseTestCase):
         self.expected_calls.extend([
             mock.call(['ipset', 'restore', '-exist'],
                       process_input=input,
-                      root_helper=self.root_helper),
+                      run_as_root=True),
             mock.call(['ipset', 'swap', TEST_SET_NAME_NEW, TEST_SET_NAME],
                       process_input=None,
-                      root_helper=self.root_helper),
+                      run_as_root=True),
             mock.call(['ipset', 'destroy', TEST_SET_NAME_NEW],
                       process_input=None,
-                      root_helper=self.root_helper)])
+                      run_as_root=True)])
 
     def expect_add(self, addresses):
         self.expected_calls.extend(
             mock.call(['ipset', 'add', '-exist', TEST_SET_NAME, ip],
                       process_input=None,
-                      root_helper=self.root_helper) for ip in addresses)
+                      run_as_root=True) for ip in addresses)
 
     def expect_del(self, addresses):
         self.expected_calls.extend(
             mock.call(['ipset', 'del', TEST_SET_NAME, ip],
                       process_input=None,
-                      root_helper=self.root_helper) for ip in addresses)
+                      run_as_root=True) for ip in addresses)
 
     def expect_create(self):
         self.expected_calls.append(
             mock.call(['ipset', 'create', '-exist', TEST_SET_NAME,
                        'hash:ip', 'family', 'inet'],
                       process_input=None,
-                      root_helper=self.root_helper))
+                      run_as_root=True))
 
     def expect_destroy(self):
         self.expected_calls.append(
             mock.call(['ipset', 'destroy', TEST_SET_NAME],
                       process_input=None,
-                      root_helper=self.root_helper))
+                      run_as_root=True))
 
     def add_first_ip(self):
         self.expect_set([FAKE_IPS[0]])