Merge pull request #218 from stackhpc/upstream/wallaby-2023-04-24

mnasiadka · web-flow · commit c0f1248a6e0a · 2023-04-24T11:02:53.000+02:00
Synchronise wallaby with upstream
diff --git a/docker/cinder/cinder-volume/Dockerfile.j2 b/docker/cinder/cinder-volume/Dockerfile.j2
@@ -9,6 +9,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 {% if base_package_type == 'rpm' %}
     {% set cinder_volume_packages = [
+            'device-mapper-multipath',
             'nfs-utils',
             'nvmetcli',
             'python3-rtslib',
@@ -24,6 +25,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 {% elif base_package_type == 'deb' %}
     {% set cinder_volume_packages = [
             'lsscsi',
+            'multipath-tools',
             'nfs-common',
             'nvme-cli',
             'sysfsutils',
diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2
@@ -22,6 +22,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
         'libvirt-daemon',
         'libvirt-daemon-config-nwfilter',
         'libvirt-daemon-driver-nwfilter',
+        'libvirt-daemon-driver-nodedev',
         'openvswitch',
         'qemu-img',
         'qemu-kvm',
diff --git a/kolla/image/build.py b/kolla/image/build.py
@@ -491,7 +491,7 @@ def update_buildargs(self):
     def builder(self, image):
 
         def _test_malicious_tarball(archive, path):
-            tar_file = tarfile.open(archive, 'r|gz')
+            tar_file = tarfile.open(archive, 'r|*')
             for n in tar_file.getnames():
                 if not os.path.abspath(os.path.join(path, n)).startswith(path):
                     tar_file.close()
diff --git a/kolla/tests/test_build.py b/kolla/tests/test_build.py
@@ -301,9 +301,83 @@ def test_process_source(self, mock_get, mock_client,
             else:
                 self.assertIsNotNone(get_result)
 
+    @mock.patch.dict(os.environ, clear=True)
+    @mock.patch('docker.APIClient')
+    def test_local_directory(self, mock_client):
+        self.conf.set_override('install_type', 'source')
+        tmpdir = tempfile.mkdtemp()
+        file_name = 'test.txt'
+        file_path = os.path.join(tmpdir, file_name)
+        saved_umask = os.umask(0o077)
+
+        try:
+            with open(file_path, 'w') as f:
+                f.write('Hello')
+
+            self.dc = mock_client
+            self.image.plugins = [{
+                'name': 'fake-image-base-plugin-test',
+                'type': 'local',
+                'enabled': True,
+                'source': tmpdir}
+                ]
+            push_queue = mock.Mock()
+            builder = build.BuildTask(self.conf, self.image, push_queue)
+            builder.run()
+            self.assertTrue(builder.success)
+
+        except IOError:
+            print('IOError')
+        else:
+            os.remove(file_path)
+        finally:
+            os.umask(saved_umask)
+            os.rmdir(tmpdir)
+
     @mock.patch.dict(os.environ, clear=True)
     @mock.patch('docker.APIClient')
     def test_malicious_tar(self, mock_client):
+        self.conf.set_override('install_type', 'source')
+        tmpdir = tempfile.mkdtemp()
+        file_name = 'test.txt'
+        archive_name = 'my_archive.tar'
+        file_path = os.path.join(tmpdir, file_name)
+        archive_path = os.path.join(tmpdir, archive_name)
+        # Ensure the file is read/write by the creator only
+        saved_umask = os.umask(0o077)
+
+        try:
+            with open(file_path, 'w') as f:
+                f.write('Hello')
+
+            with tarfile.open(archive_path, 'w') as tar:
+                tar.add(file_path, arcname='../test.txt')
+
+            self.dc = mock_client
+            self.image.plugins = [{
+                'name': 'fake-image-base-plugin-test',
+                'type': 'local',
+                'enabled': True,
+                'source': archive_path}
+                ]
+
+            push_queue = mock.Mock()
+            builder = build.BuildTask(self.conf, self.image, push_queue)
+            builder.run()
+            self.assertFalse(builder.success)
+
+        except IOError:
+            print('IOError')
+        else:
+            os.remove(file_path)
+            os.remove(archive_path)
+        finally:
+            os.umask(saved_umask)
+            os.rmdir(tmpdir)
+
+    @mock.patch.dict(os.environ, clear=True)
+    @mock.patch('docker.APIClient')
+    def test_malicious_tar_gz(self, mock_client):
         self.conf.set_override('install_type', 'source')
         tmpdir = tempfile.mkdtemp()
         file_name = 'test.txt'
