From: Miguel Angel Ajo <mangelajo@redhat.com>
Date: Mon, 18 Aug 2014 10:50:58 +0000 (+0200)
Subject: Fix IpNetnsCommand to execute without root_wrapper when no netns
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=eca9069be3d730c788e433edb291123eede07839;p=openstack-build%2Fneutron-build.git

Fix IpNetnsCommand to execute without root_wrapper when no netns

IpNetnsCommand accept execution with a network namespace, and
that requires root privileges and a root_wrapper.
IpNetnsCommand does accept no namespace too, in that case, the
root_wrapper doesn't have to be present necessarily, unless the
command we're executing requires root privileges itself.

This patch fixes the check condition on IpNetnsCommand execute
method.

Change-Id: I5ab2f3f1daf4a5a080611dbcd3dbd43292f6766a
Closes-Bug: #1358196
---

diff --git a/neutron/agent/linux/ip_lib.py b/neutron/agent/linux/ip_lib.py
index afc27f788..c7808871a 100644
--- a/neutron/agent/linux/ip_lib.py
+++ b/neutron/agent/linux/ip_lib.py
@@ -524,10 +524,10 @@ class IpNetnsCommand(IpCommandBase):
         self._as_root('delete', name, use_root_namespace=True)
 
     def execute(self, cmds, addl_env={}, check_exit_code=True):
-        if not self._parent.root_helper:
-            raise exceptions.SudoRequired()
         ns_params = []
         if self._parent.namespace:
+            if not self._parent.root_helper:
+                raise exceptions.SudoRequired()
             ns_params = ['ip', 'netns', 'exec', self._parent.namespace]
 
         env_params = []
diff --git a/neutron/tests/unit/test_linux_ip_lib.py b/neutron/tests/unit/test_linux_ip_lib.py
index 08dc98fb6..874dfbaee 100644
--- a/neutron/tests/unit/test_linux_ip_lib.py
+++ b/neutron/tests/unit/test_linux_ip_lib.py
@@ -826,6 +826,15 @@ class TestIpNetnsCommand(TestIPCmdBase):
                  'ip', 'link', 'list'],
                 root_helper='sudo', check_exit_code=True)
 
+    def test_execute_nosudo_with_no_namespace(self):
+        with mock.patch('neutron.agent.linux.utils.execute') as execute:
+            self.parent.namespace = None
+            self.parent.root_helper = None
+            self.netns_cmd.execute(['test'])
+            execute.assert_called_once_with(['test'],
+                                            root_helper=None,
+                                            check_exit_code=True)
+
 
 class TestDeviceExists(base.BaseTestCase):
     def test_device_exists(self):