Don't change permissions of netrules target

(cherry picked from commit d9b809b904b730fdcd74c9207c2233cc2c8a5053)
2023-04-13 14:38:41 +08:00 · 2023-04-13 14:38:41 +08:00 · 11ae60aa8d
commit 11ae60aa8d
parent 6d981ae9ce
2 changed files with 101 additions and 1 deletions
--- a/backport-Do-not-change-permissions-of-netrules-target.patch
+++ b/backport-Do-not-change-permissions-of-netrules-target.patch
@ -0,0 +1,96 @@
 From 56c88cafd1b3606e814069a79f4ec265fc427c87 Mon Sep 17 00:00:00 2001
 From: James Falcon <james.falcon@canonical.com>
 Date: Thu, 23 Mar 2023 10:21:56 -0500
 Subject: [PATCH] Don't change permissions of netrules target (#2076)
 Set permissions if file doesn't exist. Leave them if it does.
 LP: #2011783
 Co-authored-by: Chad Smith <chad.smith@canonical.com>
 ---
 cloudinit/net/eni.py                           |  3 ++-
 cloudinit/net/sysconfig.py                     |  2 +-
 tests/unittests/test_distros/test_netconfig.py | 17 ++++++++++++++---
 3 files changed, 17 insertions(+), 5 deletions(-)
 diff --git a/cloudinit/net/eni.py b/cloudinit/net/eni.py
 index a89e5ad..2ce7c4f 100644
 --- a/cloudinit/net/eni.py
 +++ b/cloudinit/net/eni.py
@@ -525,7 +525,8 @@ class Renderer(renderer.Renderer):
             netrules = subp.target_path(target, self.netrules_path)
             util.ensure_dir(os.path.dirname(netrules))
             util.write_file(netrules,
 -                            self._render_persistent_net(network_state))
 +                            self._render_persistent_net(network_state),
 +                            preserve_mode=True,)
 def network_state_to_eni(network_state, header=None, render_hwaddress=False):
 diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
 index aa24303..afc9ca6 100644
 --- a/cloudinit/net/sysconfig.py
 +++ b/cloudinit/net/sysconfig.py
@@ -930,7 +930,7 @@ class Renderer(renderer.Renderer):
         if self.netrules_path:
             netrules_content = self._render_persistent_net(network_state)
             netrules_path = subp.target_path(target, self.netrules_path)
 -            util.write_file(netrules_path, netrules_content, file_mode)
 +            util.write_file(netrules_path, netrules_content, file_mode, preserve_mode=True)
         if available_nm(target=target):
             enable_ifcfg_rh(subp.target_path(
                 target, path=NM_CFG_FILE
 diff --git a/tests/unittests/test_distros/test_netconfig.py b/tests/unittests/test_distros/test_netconfig.py
 index 416667d..3f82d54 100644
 --- a/tests/unittests/test_distros/test_netconfig.py
 +++ b/tests/unittests/test_distros/test_netconfig.py
@@ -366,15 +366,22 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
     def eni_path(self):
         return '/etc/network/interfaces.d/50-cloud-init.cfg'
 +    def rules_path(self):
 +        return "/etc/udev/rules.d/70-persistent-net.rules"
 +
     def _apply_and_verify_eni(self, apply_fn, config, expected_cfgs=None,
 -                              bringup=False):
 +                              bringup=False, previous_files=()):
         if not expected_cfgs:
             raise ValueError('expected_cfg must not be None')
         tmpd = None
         with mock.patch('cloudinit.net.eni.available') as m_avail:
             m_avail.return_value = True
 +            path_modes = {}
             with self.reRooted(tmpd) as tmpd:
 +                for previous_path, content, mode in previous_files:
 +                    util.write_file(previous_path, content, mode=mode)
 +                    path_modes[previous_path] = mode
                 apply_fn(config, bringup)
         results = dir2dict(tmpd)
@@ -385,15 +392,19 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
             print(results[cfgpath])
             print("----------")
             self.assertEqual(expected, results[cfgpath])
 -            self.assertEqual(0o644, get_mode(cfgpath, tmpd))
 +            self.assertEqual(
 +                    path_modes.get(cfgpath, 0o644), get_mode(cfgpath, tmpd)
 +            )
     def test_apply_network_config_eni_ub(self):
         expected_cfgs = {
             self.eni_path(): V1_NET_CFG_OUTPUT,
 +            self.rules_path(): "",
         }
         self._apply_and_verify_eni(self.distro.apply_network_config,
                                    V1_NET_CFG,
 -                                   expected_cfgs=expected_cfgs.copy())
 +                                   expected_cfgs=expected_cfgs.copy(),
 +                                   previous_files=((self.rules_path(), "something", 0o660),),)
     def test_apply_network_config_ipv6_ub(self):
         expected_cfgs = {
 -- 
 2.33.0
--- a/cloud-init.spec
+++ b/cloud-init.spec
@ -1,6 +1,6 @@
 Name: cloud-init
 Version: 21.4
-Release: 11
+Release: 12
 Summary: the defacto multi-distribution package that handles early initialization of a cloud instance.
 License: ASL 2.0 or GPLv3
 URL: http://launchpad.net/cloud-init
@ -20,6 +20,7 @@ Patch8: backport-net-netplan-config-root-read-only-as-wifi-config-can.patch
 Patch9: backport-netplan-define-features.NETPLAN_CONFIG_ROOT_READ_ONL.patch
 Patch10: backport-Fix-the-distro.osfamily-output-problem.patch
 Patch11: backport-netplan-keep-custom-strict-perms-when-50-cloud-init.patch
 Patch12: backport-Do-not-change-permissions-of-netrules-target.patch
 Patch9000: Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch
@ -131,6 +132,9 @@ fi
 %exclude /usr/share/doc/*
 %changelog
 * Thu Apr 13 2023 shixuantong <shixuantong1@huawei.com> - 21.4-12
 - Don't change permissions of netrules target
 * Mon Mar 27 2023 shixuantong <shixuantong1@huawei.com> - 21.4-11
 - keep custom strict perms when 50-cloud-init.yaml exists