def test_named_parameter_escaping(self):
# no sudo
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = OrderedDict([
('key1', 'value foo bar'),
('key2', 'value "bar" foo'),
('key3', 'date ; whoami'),
('key4', '"date ; whoami"'),
])
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = self._get_fixture('escaping_test_command_1.txt')
self.assertEqual(command, expected)
# sudo
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = True
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = OrderedDict([
('key1', 'value foo bar'),
('key2', 'value "bar" foo'),
('key3', 'date ; whoami'),
('key4', '"date ; whoami"'),
])
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = self._get_fixture('escaping_test_command_2.txt')
self.assertEqual(command, expected)
def generate_arg(st2_arg, value):
dummy_action = ShellScriptAction('', '', '')
# noinspection PyProtectedMember
arg = dummy_action._get_script_arguments(named_args={st2_arg: value})
arg = ' '.join(shlex.split(arg))
return arg
def test_various_ascii_parameters(self):
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {'foo1': 'bar1', 'foo2': 'bar2'}
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, u"/tmp/foo.sh foo1=bar1 foo2=bar2")
def test_unicode_parameter_specifing(self):
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {u'foo': u'bar'}
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, u"/tmp/foo.sh 'foo'='bar'")
def test_various_ascii_parameters(self):
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = LOGGED_USER_USERNAME
kwargs["named_args"] = {"foo1": "bar1", "foo2": "bar2"}
kwargs["positional_args"] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, "/tmp/foo.sh foo1=bar1 foo2=bar2")
def test_unicode_parameter_specifing(self):
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {u'foo': u'bar'}
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, u"/tmp/foo.sh 'foo'='bar'")
def test_various_ascii_parameters(self):
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {'foo1': 'bar1', 'foo2': 'bar2'}
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, u"/tmp/foo.sh foo1=bar1 foo2=bar2")
def test_unicode_parameter_specifing(self):
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = LOGGED_USER_USERNAME
kwargs["named_args"] = {"foo": "bar"}
kwargs["positional_args"] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, "/tmp/foo.sh 'foo'='bar'")
def test_user_argument(self):
# User is the same as logged user, no sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh')
# User is different, sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, 'sudo -E -u mauser -- bash -c /tmp/foo.sh')
# sudo is used, it doesn't matter what user is specified since the
# command should run as root
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = True
kwargs['user'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, 'sudo -E -- bash -c /tmp/foo.sh')
def test_named_parameter_escaping(self):
# no sudo
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {
'key1': 'value foo bar',
'key2': 'value "bar" foo',
'key3': 'date ; whoami',
'key4': '"date ; whoami"',
}
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = self._get_fixture('escaping_test_command_1.txt')
self.assertEqual(command, expected)
# sudo
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = True
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {
'key1': 'value foo bar',
'key2': 'value "bar" foo',
'key3': 'date ; whoami',
'key4': '"date ; whoami"',
}
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = self._get_fixture('escaping_test_command_2.txt')
self.assertEqual(command, expected)
def test_user_argument(self):
# User is the same as logged user, no sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh')
# User is different, sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, 'sudo -E -u mauser -- bash -c /tmp/foo.sh')
# sudo is used, it doesn't matter what user is specified since the
# command should run as root
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = True
kwargs['user'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, 'sudo -E -- bash -c /tmp/foo.sh')
def test_named_parameter_escaping(self):
# no sudo
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = LOGGED_USER_USERNAME
kwargs["named_args"] = OrderedDict([
("key1", "value foo bar"),
("key2", 'value "bar" foo'),
("key3", "date ; whoami"),
("key4", '"date ; whoami"'),
])
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = self._get_fixture("escaping_test_command_1.txt")
self.assertEqual(command, expected)
# sudo
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = True
kwargs["user"] = LOGGED_USER_USERNAME
kwargs["named_args"] = OrderedDict([
("key1", "value foo bar"),
("key2", 'value "bar" foo'),
("key3", "date ; whoami"),
("key4", '"date ; whoami"'),
])
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = self._get_fixture("escaping_test_command_2.txt")
self.assertEqual(command, expected)
def run(self, action_parameters):
if not self.entry_point:
raise ValueError('Missing entry_point action metadata attribute')
script_local_path_abs = self.entry_point
positional_args, named_args = self._get_script_args(action_parameters)
named_args = self._transform_named_args(named_args)
action = ShellScriptAction(name=self.action_name,
action_exec_id=str(self.liveaction_id),
script_local_path_abs=script_local_path_abs,
named_args=named_args,
positional_args=positional_args,
user=self._user,
env_vars=self._env,
sudo=self._sudo,
timeout=self._timeout,
cwd=self._cwd,
sudo_password=self._sudo_password)
return self._run(action=action)
def run(self, action_parameters):
LOG.debug(' action_parameters = %s', action_parameters)
env_vars = self._env
if not self.entry_point:
script_action = False
command = self.runner_parameters.get(RUNNER_COMMAND, None)
action = ShellCommandAction(name=self.action_name,
action_exec_id=str(self.liveaction_id),
command=command,
user=self._user,
env_vars=env_vars,
sudo=self._sudo,
timeout=self._timeout)
else:
script_action = True
script_local_path_abs = self.entry_point
positional_args, named_args = self._get_script_args(action_parameters)
named_args = self._transform_named_args(named_args)
action = ShellScriptAction(name=self.action_name,
action_exec_id=str(self.liveaction_id),
script_local_path_abs=script_local_path_abs,
named_args=named_args,
positional_args=positional_args,
user=self._user,
env_vars=env_vars,
sudo=self._sudo,
timeout=self._timeout,
cwd=self._cwd)
args = action.get_full_command_string()
# For consistency with the old Fabric based runner, make sure the file is executable
if script_action:
args = 'chmod +x %s ; %s' % (script_local_path_abs, args)
env = os.environ.copy()
# Include user provided env vars (if any)
env.update(env_vars)
# Make sure os.setsid is called on each spawned process so that all processes
# are in the same group.
process = subprocess.Popen(args=args, stdin=None, stdout=subprocess.PIPE,
stderr=subprocess.PIPE, shell=True, cwd=self._cwd,
env=env, preexec_fn=os.setsid)
error_holder = {}
def on_timeout_expired(timeout):
try:
process.wait(timeout=self._timeout)
except subprocess.TimeoutExpired:
# Set the error prior to kill the process else the error is not picked up due
# to eventlet scheduling.
error_holder['error'] = 'Action failed to complete in %s seconds' % (self._timeout)
# Action has timed out, kill the process and propagate the error. The process
# is started as sudo -u {{system_user}} -- bash -c {{command}}. Introduction of the
# bash means that multiple independent processes are spawned without them being
# children of the process we have access to and this requires use of pkill.
# Ideally os.killpg should have done the trick but for some reason that failed.
# Note: pkill will set the returncode to 143 so we don't need to explicitly set
# it to some non-zero value.
try:
killcommand = shlex.split('sudo pkill -TERM -s %s' % process.pid)
subprocess.call(killcommand)
except:
LOG.exception('Unable to pkill.')
timeout_expiry = eventlet.spawn(on_timeout_expired, self._timeout)
stdout, stderr = process.communicate()
timeout_expiry.cancel()
error = error_holder.get('error', None)
exit_code = process.returncode
succeeded = (exit_code == 0)
result = {
'failed': not succeeded,
'succeeded': succeeded,
'return_code': exit_code,
'stdout': stdout,
'stderr': stderr
}
if error:
result['error'] = error
status = LIVEACTION_STATUS_SUCCEEDED if exit_code == 0 else LIVEACTION_STATUS_FAILED
return (status, jsonify.json_loads(result, LocalShellRunner.KEYS_TO_TRANSFORM), None)
def test_command_construction_with_parameters(self):
# same user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh key2=value2 key1=value1')
# different user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
kwargs['positional_args'] = ''
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = 'sudo -E -u mauser -- bash -c \'/tmp/foo.sh key2=value2 key1=value1\''
self.assertEqual(command, expected)
# same user, positional args, no named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {}
kwargs['positional_args'] = 'ein zwei drei'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh ein zwei drei')
# different user, named args, positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = {}
kwargs['positional_args'] = 'ein zwei drei'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = 'sudo -E -u mauser -- bash -c \'/tmp/foo.sh ein zwei drei\''
self.assertEqual(command, expected)
# same user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
kwargs['positional_args'] = 'ein zwei drei'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh key2=value2 key1=value1 ein zwei drei')
# different user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
kwargs['positional_args'] = 'ein zwei drei'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ('sudo -E -u mauser -- bash -c \'/tmp/foo.sh key2=value2 '
'key1=value1 ein zwei drei\'')
self.assertEqual(command, expected)
def test_command_construction_correct_default_parameter_values_are_used(self):
runner_parameters = {}
action_db_parameters = {
'project': {
'type': 'string',
'default': 'st2',
'position': 0,
},
'version': {
'type': 'string',
'position': 1,
'required': True
},
'fork': {
'type': 'string',
'position': 2,
'default': 'StackStorm',
},
'branch': {
'type': 'string',
'position': 3,
'default': 'master',
},
'update_changelog': {
'type': 'boolean',
'position': 4,
'default': False
},
'local_repo': {
'type': 'string',
'position': 5,
}
}
context = {}
action_db = ActionDB(pack='dummy', name='action')
runner = LocalShellScriptRunner('id')
runner.runner_parameters = {}
runner.action = action_db
# 1. All default values used
live_action_db_parameters = {
'project': 'st2flow',
'version': '3.0.0',
'fork': 'StackStorm',
'local_repo': '/tmp/repo'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2flow',
'version': '3.0.0',
'fork': 'StackStorm',
'branch': 'master', # default value used
'update_changelog': False, # default value used
'local_repo': '/tmp/repo'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2flow 3.0.0 StackStorm master 0 /tmp/repo'
self.assertEqual(command_string, expected)
# 2. Some default values used
live_action_db_parameters = {
'project': 'st2web',
'version': '3.1.0',
'fork': 'StackStorm1',
'update_changelog': True,
'local_repo': '/tmp/repob'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2web',
'version': '3.1.0',
'fork': 'StackStorm1',
'branch': 'master', # default value used
'update_changelog': True, # default value used
'local_repo': '/tmp/repob'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2web 3.1.0 StackStorm1 master 1 /tmp/repob'
self.assertEqual(command_string, expected)
# 3. None is specified for a boolean parameter, should use a default
live_action_db_parameters = {
'project': 'st2rbac',
'version': '3.2.0',
'fork': 'StackStorm2',
'update_changelog': None,
'local_repo': '/tmp/repoc'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2rbac',
'version': '3.2.0',
'fork': 'StackStorm2',
'branch': 'master', # default value used
'update_changelog': False, # default value used
'local_repo': '/tmp/repoc'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 /tmp/repoc'
self.assertEqual(command_string, expected)
def test_user_argument(self):
# User is the same as logged user, no sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = LOGGED_USER_USERNAME
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, "/tmp/foo.sh")
# User is different, sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = "******"
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command,
"sudo -E -H -u mauser -- bash -c /tmp/foo.sh")
# sudo with password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = "******"
kwargs["sudo_password"] = "******"
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = "sudo -S -E -H -u mauser -- bash -c /tmp/foo.sh"
self.assertEqual(command, expected_command)
# complex sudo password which needs escaping
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = "******"
kwargs["sudo_password"] = "******"sss"
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = "sudo -S -E -H " "-u mauser -- bash -c /tmp/foo.sh"
self.assertEqual(command, expected_command)
command = action.get_sanitized_full_command_string()
expected_command = ("echo -e '%s\n' | sudo -S -E -H "
"-u mauser -- bash -c /tmp/foo.sh" %
(MASKED_ATTRIBUTE_VALUE))
self.assertEqual(command, expected_command)
# sudo is used, it doesn't matter what user is specified since the
# command should run as root
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = True
kwargs["user"] = "******"
kwargs["sudo_password"] = "******"
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = "sudo -S -E -- bash -c /tmp/foo.sh"
self.assertEqual(command, expected_command)
def test_command_construction_with_parameters(self):
# same user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = LOGGED_USER_USERNAME
kwargs["named_args"] = OrderedDict([("key1", "value1"),
("key2", "value2")])
kwargs["positional_args"] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, "/tmp/foo.sh key1=value1 key2=value2")
# same user, named args, no positional args, sudo password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = True
kwargs["sudo_password"] = "******"
kwargs["user"] = LOGGED_USER_USERNAME
kwargs["named_args"] = OrderedDict([("key1", "value1"),
("key2", "value2")])
kwargs["positional_args"] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = "sudo -S -E -- bash -c " "'/tmp/foo.sh key1=value1 key2=value2'"
self.assertEqual(command, expected)
# different user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = "******"
kwargs["named_args"] = OrderedDict([("key1", "value1"),
("key2", "value2")])
kwargs["positional_args"] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = (
"sudo -E -H -u mauser -- bash -c '/tmp/foo.sh key1=value1 key2=value2'"
)
self.assertEqual(command, expected)
# different user, named args, no positional args, sudo password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["sudo_password"] = "******"
kwargs["user"] = "******"
kwargs["named_args"] = OrderedDict([("key1", "value1"),
("key2", "value2")])
kwargs["positional_args"] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ("sudo -S -E -H -u mauser -- bash -c "
"'/tmp/foo.sh key1=value1 key2=value2'")
self.assertEqual(command, expected)
# same user, positional args, no named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = LOGGED_USER_USERNAME
kwargs["named_args"] = {}
kwargs["positional_args"] = [
"ein", "zwei", "drei", "mamma mia", "foo\nbar"
]
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command,
"/tmp/foo.sh ein zwei drei 'mamma mia' 'foo\nbar'")
# different user, named args, positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = "******"
kwargs["named_args"] = {}
kwargs["positional_args"] = ["ein", "zwei", "drei", "mamma mia"]
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
ex = ("sudo -E -H -u mauser -- "
"bash -c '/tmp/foo.sh ein zwei drei '\"'\"'mamma mia'\"'\"''")
self.assertEqual(command, ex)
# same user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = LOGGED_USER_USERNAME
kwargs["named_args"] = OrderedDict([("key1", "value1"),
("key2", "value2"),
("key3", "value 3")])
kwargs["positional_args"] = ["ein", "zwei", "drei"]
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
exp = "/tmp/foo.sh key1=value1 key2=value2 key3='value 3' ein zwei drei"
self.assertEqual(command, exp)
# different user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs["sudo"] = False
kwargs["user"] = "******"
kwargs["named_args"] = OrderedDict([("key1", "value1"),
("key2", "value2"),
("key3", "value 3")])
kwargs["positional_args"] = ["ein", "zwei", "drei"]
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = (
"sudo -E -H -u mauser -- bash -c '/tmp/foo.sh key1=value1 key2=value2 "
"key3='\"'\"'value 3'\"'\"' ein zwei drei'")
self.assertEqual(command, expected)
def test_command_construction_with_parameters(self):
# same user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh key2=value2 key1=value1')
# different user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
kwargs['positional_args'] = ''
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = 'sudo -E -u mauser -- bash -c \'/tmp/foo.sh key2=value2 key1=value1\''
self.assertEqual(command, expected)
# same user, positional args, no named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {}
kwargs['positional_args'] = 'ein zwei drei'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh ein zwei drei')
# different user, named args, positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = {}
kwargs['positional_args'] = 'ein zwei drei'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = 'sudo -E -u mauser -- bash -c \'/tmp/foo.sh ein zwei drei\''
self.assertEqual(command, expected)
# same user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
kwargs['positional_args'] = 'ein zwei drei'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command,
'/tmp/foo.sh key2=value2 key1=value1 ein zwei drei')
# different user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
kwargs['positional_args'] = 'ein zwei drei'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ('sudo -E -u mauser -- bash -c \'/tmp/foo.sh key2=value2 '
'key1=value1 ein zwei drei\'')
self.assertEqual(command, expected)
def test_command_construction_correct_default_parameter_values_are_used(self):
runner_parameters = {}
action_db_parameters = {
'project': {
'type': 'string',
'default': 'st2',
'position': 0,
},
'version': {
'type': 'string',
'position': 1,
'required': True
},
'fork': {
'type': 'string',
'position': 2,
'default': 'StackStorm',
},
'branch': {
'type': 'string',
'position': 3,
'default': 'master',
},
'update_mistral': {
'type': 'boolean',
'position': 4,
'default': False
},
'update_changelog': {
'type': 'boolean',
'position': 5,
'default': False
},
'local_repo': {
'type': 'string',
'position': 6,
}
}
context = {}
action_db = ActionDB(pack='dummy', name='action')
runner = LocalShellScriptRunner('id')
runner.runner_parameters = {}
runner.action = action_db
# 1. All default values used
live_action_db_parameters = {
'project': 'st2flow',
'version': '3.0.0',
'fork': 'StackStorm',
'local_repo': '/tmp/repo'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2flow',
'version': '3.0.0',
'fork': 'StackStorm',
'branch': 'master', # default value used
'update_mistral': False, # default value used
'update_changelog': False, # default value used
'local_repo': '/tmp/repo'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2flow 3.0.0 StackStorm master 0 0 /tmp/repo'
self.assertEqual(command_string, expected)
# 2. Some default values used
live_action_db_parameters = {
'project': 'st2web',
'version': '3.1.0',
'fork': 'StackStorm1',
'update_changelog': True,
'local_repo': '/tmp/repob'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2web',
'version': '3.1.0',
'fork': 'StackStorm1',
'branch': 'master', # default value used
'update_mistral': False, # default value used
'update_changelog': True, # default value used
'local_repo': '/tmp/repob'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2web 3.1.0 StackStorm1 master 0 1 /tmp/repob'
self.assertEqual(command_string, expected)
# 3. None is specified for a boolean parameter, should use a default
live_action_db_parameters = {
'project': 'st2rbac',
'version': '3.2.0',
'fork': 'StackStorm2',
'update_changelog': None,
'local_repo': '/tmp/repoc'
}
runner_params, action_params = param_utils.render_final_params(runner_parameters,
action_db_parameters,
live_action_db_parameters,
context)
self.assertDictEqual(action_params, {
'project': 'st2rbac',
'version': '3.2.0',
'fork': 'StackStorm2',
'branch': 'master', # default value used
'update_mistral': False, # default value used
'update_changelog': False, # default value used
'local_repo': '/tmp/repoc'
})
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
script_local_path_abs='/tmp/local.sh',
named_args=named_args,
positional_args=positional_args)
command_string = shell_script_action.get_full_command_string()
expected = '/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 0 /tmp/repoc'
self.assertEqual(command_string, expected)
def run(self, action_parameters):
env_vars = self._env
if not self.entry_point:
script_action = False
command = self.runner_parameters.get(RUNNER_COMMAND, None)
action = ShellCommandAction(name=self.action_name,
action_exec_id=str(self.liveaction_id),
command=command,
user=self._user,
env_vars=env_vars,
sudo=self._sudo,
timeout=self._timeout)
else:
script_action = True
script_local_path_abs = self.entry_point
positional_args, named_args = self._get_script_args(
action_parameters)
named_args = self._transform_named_args(named_args)
action = ShellScriptAction(
name=self.action_name,
action_exec_id=str(self.liveaction_id),
script_local_path_abs=script_local_path_abs,
named_args=named_args,
positional_args=positional_args,
user=self._user,
env_vars=env_vars,
sudo=self._sudo,
timeout=self._timeout,
cwd=self._cwd)
args = action.get_full_command_string()
# For consistency with the old Fabric based runner, make sure the file is executable
if script_action:
args = 'chmod +x %s ; %s' % (script_local_path_abs, args)
env = os.environ.copy()
# Include user provided env vars (if any)
env.update(env_vars)
# Include common st2 env vars
st2_env_vars = self._get_common_action_env_variables()
env.update(st2_env_vars)
LOG.info('Executing action via LocalRunner: %s', self.runner_id)
LOG.info(
'[Action info] name: %s, Id: %s, command: %s, user: %s, sudo: %s' %
(action.name, action.action_exec_id, args, action.user,
action.sudo))
# Make sure os.setsid is called on each spawned process so that all processes
# are in the same group.
# Process is started as sudo -u {{system_user}} -- bash -c {{command}}. Introduction of the
# bash means that multiple independent processes are spawned without them being
# children of the process we have access to and this requires use of pkill.
# Ideally os.killpg should have done the trick but for some reason that failed.
# Note: pkill will set the returncode to 143 so we don't need to explicitly set
# it to some non-zero value.
exit_code, stdout, stderr, timed_out = run_command(
cmd=args,
stdin=None,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
shell=True,
cwd=self._cwd,
env=env,
timeout=self._timeout,
preexec_func=os.setsid,
kill_func=kill_process)
error = None
if timed_out:
error = 'Action failed to complete in %s seconds' % (self._timeout)
exit_code = -9
succeeded = (exit_code == 0)
result = {
'failed': not succeeded,
'succeeded': succeeded,
'return_code': exit_code,
'stdout': strip_shell_chars(stdout),
'stderr': strip_shell_chars(stderr)
}
if error:
result['error'] = error
if exit_code == 0:
status = LIVEACTION_STATUS_SUCCEEDED
elif timed_out:
status = LIVEACTION_STATUS_TIMED_OUT
else:
status = LIVEACTION_STATUS_FAILED
return (status,
jsonify.json_loads(result,
LocalShellRunner.KEYS_TO_TRANSFORM), None)
def test_command_construction_correct_default_parameter_values_are_used(
self):
runner_parameters = {}
action_db_parameters = {
"project": {
"type": "string",
"default": "st2",
"position": 0,
},
"version": {
"type": "string",
"position": 1,
"required": True
},
"fork": {
"type": "string",
"position": 2,
"default": "StackStorm",
},
"branch": {
"type": "string",
"position": 3,
"default": "master",
},
"update_changelog": {
"type": "boolean",
"position": 4,
"default": False
},
"local_repo": {
"type": "string",
"position": 5,
},
}
context = {}
action_db = ActionDB(pack="dummy", name="action")
runner = LocalShellScriptRunner("id")
runner.runner_parameters = {}
runner.action = action_db
# 1. All default values used
live_action_db_parameters = {
"project": "st2flow",
"version": "3.0.0",
"fork": "StackStorm",
"local_repo": "/tmp/repo",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2flow",
"version": "3.0.0",
"fork": "StackStorm",
"branch": "master", # default value used
"update_changelog": False, # default value used
"local_repo": "/tmp/repo",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(
name="dummy",
action_exec_id="dummy",
script_local_path_abs="/tmp/local.sh",
named_args=named_args,
positional_args=positional_args,
)
command_string = shell_script_action.get_full_command_string()
expected = "/tmp/local.sh st2flow 3.0.0 StackStorm master 0 /tmp/repo"
self.assertEqual(command_string, expected)
# 2. Some default values used
live_action_db_parameters = {
"project": "st2web",
"version": "3.1.0",
"fork": "StackStorm1",
"update_changelog": True,
"local_repo": "/tmp/repob",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2web",
"version": "3.1.0",
"fork": "StackStorm1",
"branch": "master", # default value used
"update_changelog": True, # default value used
"local_repo": "/tmp/repob",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(
name="dummy",
action_exec_id="dummy",
script_local_path_abs="/tmp/local.sh",
named_args=named_args,
positional_args=positional_args,
)
command_string = shell_script_action.get_full_command_string()
expected = "/tmp/local.sh st2web 3.1.0 StackStorm1 master 1 /tmp/repob"
self.assertEqual(command_string, expected)
# 3. None is specified for a boolean parameter, should use a default
live_action_db_parameters = {
"project": "st2rbac",
"version": "3.2.0",
"fork": "StackStorm2",
"update_changelog": None,
"local_repo": "/tmp/repoc",
}
runner_params, action_params = param_utils.render_final_params(
runner_parameters, action_db_parameters, live_action_db_parameters,
context)
self.assertDictEqual(
action_params,
{
"project": "st2rbac",
"version": "3.2.0",
"fork": "StackStorm2",
"branch": "master", # default value used
"update_changelog": False, # default value used
"local_repo": "/tmp/repoc",
},
)
action_db.parameters = action_db_parameters
positional_args, named_args = runner._get_script_args(action_params)
named_args = runner._transform_named_args(named_args)
shell_script_action = ShellScriptAction(
name="dummy",
action_exec_id="dummy",
script_local_path_abs="/tmp/local.sh",
named_args=named_args,
positional_args=positional_args,
)
command_string = shell_script_action.get_full_command_string()
expected = "/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 /tmp/repoc"
self.assertEqual(command_string, expected)
def test_command_construction_with_parameters(self):
# same user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2')
])
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh key1=value1 key2=value2')
# same user, named args, no positional args, sudo password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = True
kwargs['sudo_password'] = '******'
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2')
])
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ('sudo -S -E -- bash -c '
'\'/tmp/foo.sh key1=value1 key2=value2\'')
self.assertEqual(command, expected)
# different user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2')
])
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = 'sudo -E -H -u mauser -- bash -c \'/tmp/foo.sh key1=value1 key2=value2\''
self.assertEqual(command, expected)
# different user, named args, no positional args, sudo password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['sudo_password'] = '******'
kwargs['user'] = '******'
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2')
])
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ('sudo -S -E -H -u mauser -- bash -c '
'\'/tmp/foo.sh key1=value1 key2=value2\'')
self.assertEqual(command, expected)
# same user, positional args, no named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {}
kwargs['positional_args'] = ['ein', 'zwei', 'drei', 'mamma mia', 'foo\nbar']
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh ein zwei drei \'mamma mia\' \'foo\nbar\'')
# different user, named args, positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = {}
kwargs['positional_args'] = ['ein', 'zwei', 'drei', 'mamma mia']
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
ex = ('sudo -E -H -u mauser -- '
'bash -c \'/tmp/foo.sh ein zwei drei \'"\'"\'mamma mia\'"\'"\'\'')
self.assertEqual(command, ex)
# same user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2'),
('key3', 'value 3')
])
kwargs['positional_args'] = ['ein', 'zwei', 'drei']
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
exp = '/tmp/foo.sh key1=value1 key2=value2 key3=\'value 3\' ein zwei drei'
self.assertEqual(command, exp)
# different user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2'),
('key3', 'value 3')
])
kwargs['positional_args'] = ['ein', 'zwei', 'drei']
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ('sudo -E -H -u mauser -- bash -c \'/tmp/foo.sh key1=value1 key2=value2 '
'key3=\'"\'"\'value 3\'"\'"\' ein zwei drei\'')
self.assertEqual(command, expected)
def test_user_argument(self):
# User is the same as logged user, no sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh')
# User is different, sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, 'sudo -E -H -u mauser -- bash -c /tmp/foo.sh')
# sudo with password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['sudo_password'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = 'sudo -S -E -H -u mauser -- bash -c /tmp/foo.sh'
self.assertEqual(command, expected_command)
# complex sudo password which needs escaping
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['sudo_password'] = '******'as"sss'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = ('sudo -S -E -H '
'-u mauser -- bash -c /tmp/foo.sh')
self.assertEqual(command, expected_command)
command = action.get_sanitized_full_command_string()
expected_command = ('echo -e \'%s\n\' | sudo -S -E -H '
'-u mauser -- bash -c /tmp/foo.sh' % (MASKED_ATTRIBUTE_VALUE))
self.assertEqual(command, expected_command)
# sudo is used, it doesn't matter what user is specified since the
# command should run as root
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = True
kwargs['user'] = '******'
kwargs['sudo_password'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = 'sudo -S -E -- bash -c /tmp/foo.sh'
self.assertEqual(command, expected_command)
def test_command_construction_with_parameters(self):
# same user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2')
])
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh key1=value1 key2=value2')
# same user, named args, no positional args, sudo password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = True
kwargs['sudo_password'] = '******'
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2')
])
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ('sudo -S -E -- bash -c '
'\'/tmp/foo.sh key1=value1 key2=value2\'')
self.assertEqual(command, expected)
# different user, named args, no positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2')
])
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = 'sudo -E -H -u mauser -- bash -c \'/tmp/foo.sh key1=value1 key2=value2\''
self.assertEqual(command, expected)
# different user, named args, no positional args, sudo password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['sudo_password'] = '******'
kwargs['user'] = '******'
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2')
])
kwargs['positional_args'] = []
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ('sudo -S -E -H -u mauser -- bash -c '
'\'/tmp/foo.sh key1=value1 key2=value2\'')
self.assertEqual(command, expected)
# same user, positional args, no named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = {}
kwargs['positional_args'] = ['ein', 'zwei', 'drei', 'mamma mia', 'foo\nbar']
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh ein zwei drei \'mamma mia\' \'foo\nbar\'')
# different user, named args, positional args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = {}
kwargs['positional_args'] = ['ein', 'zwei', 'drei', 'mamma mia']
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
ex = ('sudo -E -H -u mauser -- '
'bash -c \'/tmp/foo.sh ein zwei drei \'"\'"\'mamma mia\'"\'"\'\'')
self.assertEqual(command, ex)
# same user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2'),
('key3', 'value 3')
])
kwargs['positional_args'] = ['ein', 'zwei', 'drei']
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
exp = '/tmp/foo.sh key1=value1 key2=value2 key3=\'value 3\' ein zwei drei'
self.assertEqual(command, exp)
# different user, positional and named args
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['named_args'] = OrderedDict([
('key1', 'value1'),
('key2', 'value2'),
('key3', 'value 3')
])
kwargs['positional_args'] = ['ein', 'zwei', 'drei']
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected = ('sudo -E -H -u mauser -- bash -c \'/tmp/foo.sh key1=value1 key2=value2 '
'key3=\'"\'"\'value 3\'"\'"\' ein zwei drei\'')
self.assertEqual(command, expected)
def run(self, action_parameters):
env_vars = self._env
if not self.entry_point:
script_action = False
command = self.runner_parameters.get(RUNNER_COMMAND, None)
action = ShellCommandAction(name=self.action_name,
action_exec_id=str(self.liveaction_id),
command=command,
user=self._user,
env_vars=env_vars,
sudo=self._sudo,
timeout=self._timeout,
sudo_password=self._sudo_password)
else:
script_action = True
script_local_path_abs = self.entry_point
positional_args, named_args = self._get_script_args(action_parameters)
named_args = self._transform_named_args(named_args)
action = ShellScriptAction(name=self.action_name,
action_exec_id=str(self.liveaction_id),
script_local_path_abs=script_local_path_abs,
named_args=named_args,
positional_args=positional_args,
user=self._user,
env_vars=env_vars,
sudo=self._sudo,
timeout=self._timeout,
cwd=self._cwd,
sudo_password=self._sudo_password)
args = action.get_full_command_string()
sanitized_args = action.get_sanitized_full_command_string()
# For consistency with the old Fabric based runner, make sure the file is executable
if script_action:
args = 'chmod +x %s ; %s' % (script_local_path_abs, args)
sanitized_args = 'chmod +x %s ; %s' % (script_local_path_abs, sanitized_args)
env = os.environ.copy()
# Include user provided env vars (if any)
env.update(env_vars)
# Include common st2 env vars
st2_env_vars = self._get_common_action_env_variables()
env.update(st2_env_vars)
LOG.info('Executing action via LocalRunner: %s', self.runner_id)
LOG.info('[Action info] name: %s, Id: %s, command: %s, user: %s, sudo: %s' %
(action.name, action.action_exec_id, sanitized_args, action.user, action.sudo))
stdout = StringIO()
stderr = StringIO()
store_execution_stdout_line = functools.partial(store_execution_output_data,
output_type='stdout')
store_execution_stderr_line = functools.partial(store_execution_output_data,
output_type='stderr')
read_and_store_stdout = make_read_and_store_stream_func(execution_db=self.execution,
action_db=self.action, store_data_func=store_execution_stdout_line)
read_and_store_stderr = make_read_and_store_stream_func(execution_db=self.execution,
action_db=self.action, store_data_func=store_execution_stderr_line)
# If sudo password is provided, pass it to the subprocess via stdin>
# Note: We don't need to explicitly escape the argument because we pass command as a list
# to subprocess.Popen and all the arguments are escaped by the function.
if self._sudo_password:
LOG.debug('Supplying sudo password via stdin')
echo_process = subprocess.Popen(['echo', self._sudo_password + '\n'],
stdout=subprocess.PIPE)
stdin = echo_process.stdout
else:
stdin = None
# Make sure os.setsid is called on each spawned process so that all processes
# are in the same group.
# Process is started as sudo -u {{system_user}} -- bash -c {{command}}. Introduction of the
# bash means that multiple independent processes are spawned without them being
# children of the process we have access to and this requires use of pkill.
# Ideally os.killpg should have done the trick but for some reason that failed.
# Note: pkill will set the returncode to 143 so we don't need to explicitly set
# it to some non-zero value.
exit_code, stdout, stderr, timed_out = shell.run_command(cmd=args,
stdin=stdin,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
shell=True,
cwd=self._cwd,
env=env,
timeout=self._timeout,
preexec_func=os.setsid,
kill_func=kill_process,
read_stdout_func=read_and_store_stdout,
read_stderr_func=read_and_store_stderr,
read_stdout_buffer=stdout,
read_stderr_buffer=stderr)
error = None
if timed_out:
error = 'Action failed to complete in %s seconds' % (self._timeout)
exit_code = -1 * exit_code_constants.SIGKILL_EXIT_CODE
# Detect if user provided an invalid sudo password or sudo is not configured for that user
if self._sudo_password:
if re.search('sudo: \d+ incorrect password attempts', stderr):
match = re.search('\[sudo\] password for (.+?)\:', stderr)
if match:
username = match.groups()[0]
else:
username = '******'
error = ('Invalid sudo password provided or sudo is not configured for this user '
'(%s)' % (username))
exit_code = -1
succeeded = (exit_code == exit_code_constants.SUCCESS_EXIT_CODE)
result = {
'failed': not succeeded,
'succeeded': succeeded,
'return_code': exit_code,
'stdout': strip_shell_chars(stdout),
'stderr': strip_shell_chars(stderr)
}
if error:
result['error'] = error
status = PROC_EXIT_CODE_TO_LIVEACTION_STATUS_MAP.get(
str(exit_code),
action_constants.LIVEACTION_STATUS_FAILED
)
return (status, jsonify.json_loads(result, LocalShellRunner.KEYS_TO_TRANSFORM), None)
def test_user_argument(self):
# User is the same as logged user, no sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = LOGGED_USER_USERNAME
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, '/tmp/foo.sh')
# User is different, sudo should be used
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
self.assertEqual(command, 'sudo -E -H -u mauser -- bash -c /tmp/foo.sh')
# sudo with password
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['sudo_password'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = 'sudo -S -E -H -u mauser -- bash -c /tmp/foo.sh'
self.assertEqual(command, expected_command)
# complex sudo password which needs escaping
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = False
kwargs['user'] = '******'
kwargs['sudo_password'] = '******'as"sss'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = ('sudo -S -E -H '
'-u mauser -- bash -c /tmp/foo.sh')
self.assertEqual(command, expected_command)
command = action.get_sanitized_full_command_string()
expected_command = ('echo -e \'%s\n\' | sudo -S -E -H '
'-u mauser -- bash -c /tmp/foo.sh' % (MASKED_ATTRIBUTE_VALUE))
self.assertEqual(command, expected_command)
# sudo is used, it doesn't matter what user is specified since the
# command should run as root
kwargs = copy.deepcopy(self._base_kwargs)
kwargs['sudo'] = True
kwargs['user'] = '******'
kwargs['sudo_password'] = '******'
action = ShellScriptAction(**kwargs)
command = action.get_full_command_string()
expected_command = 'sudo -S -E -- bash -c /tmp/foo.sh'
self.assertEqual(command, expected_command)