def test_named_parameter_escaping(self):
        # no sudo
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value foo bar'),
            ('key2', 'value "bar" foo'),
            ('key3', 'date ; whoami'),
            ('key4', '"date ; whoami"'),
        ])
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = self._get_fixture('escaping_test_command_1.txt')
        self.assertEqual(command, expected)

        # sudo
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = True
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value foo bar'),
            ('key2', 'value "bar" foo'),
            ('key3', 'date ; whoami'),
            ('key4', '"date ; whoami"'),
        ])
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = self._get_fixture('escaping_test_command_2.txt')
        self.assertEqual(command, expected)
Example #2
0
    def generate_arg(st2_arg, value):
        dummy_action = ShellScriptAction('', '', '')

        # noinspection PyProtectedMember
        arg = dummy_action._get_script_arguments(named_args={st2_arg: value})
        arg = ' '.join(shlex.split(arg))

        return arg
 def test_various_ascii_parameters(self):
     kwargs = copy.deepcopy(self._base_kwargs)
     kwargs['sudo'] = False
     kwargs['user'] = LOGGED_USER_USERNAME
     kwargs['named_args'] = {'foo1': 'bar1', 'foo2': 'bar2'}
     kwargs['positional_args'] = []
     action = ShellScriptAction(**kwargs)
     command = action.get_full_command_string()
     self.assertEqual(command, u"/tmp/foo.sh foo1=bar1 foo2=bar2")
 def test_unicode_parameter_specifing(self):
     kwargs = copy.deepcopy(self._base_kwargs)
     kwargs['sudo'] = False
     kwargs['user'] = LOGGED_USER_USERNAME
     kwargs['named_args'] = {u'foo': u'bar'}
     kwargs['positional_args'] = []
     action = ShellScriptAction(**kwargs)
     command = action.get_full_command_string()
     self.assertEqual(command, u"/tmp/foo.sh 'foo'='bar'")
Example #5
0
 def test_various_ascii_parameters(self):
     kwargs = copy.deepcopy(self._base_kwargs)
     kwargs["sudo"] = False
     kwargs["user"] = LOGGED_USER_USERNAME
     kwargs["named_args"] = {"foo1": "bar1", "foo2": "bar2"}
     kwargs["positional_args"] = []
     action = ShellScriptAction(**kwargs)
     command = action.get_full_command_string()
     self.assertEqual(command, "/tmp/foo.sh foo1=bar1 foo2=bar2")
 def test_unicode_parameter_specifing(self):
     kwargs = copy.deepcopy(self._base_kwargs)
     kwargs['sudo'] = False
     kwargs['user'] = LOGGED_USER_USERNAME
     kwargs['named_args'] = {u'foo': u'bar'}
     kwargs['positional_args'] = []
     action = ShellScriptAction(**kwargs)
     command = action.get_full_command_string()
     self.assertEqual(command, u"/tmp/foo.sh 'foo'='bar'")
 def test_various_ascii_parameters(self):
     kwargs = copy.deepcopy(self._base_kwargs)
     kwargs['sudo'] = False
     kwargs['user'] = LOGGED_USER_USERNAME
     kwargs['named_args'] = {'foo1': 'bar1', 'foo2': 'bar2'}
     kwargs['positional_args'] = []
     action = ShellScriptAction(**kwargs)
     command = action.get_full_command_string()
     self.assertEqual(command, u"/tmp/foo.sh foo1=bar1 foo2=bar2")
Example #8
0
 def test_unicode_parameter_specifing(self):
     kwargs = copy.deepcopy(self._base_kwargs)
     kwargs["sudo"] = False
     kwargs["user"] = LOGGED_USER_USERNAME
     kwargs["named_args"] = {"foo": "bar"}
     kwargs["positional_args"] = []
     action = ShellScriptAction(**kwargs)
     command = action.get_full_command_string()
     self.assertEqual(command, "/tmp/foo.sh 'foo'='bar'")
Example #9
0
    def test_user_argument(self):
        # User is the same as logged user, no sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh')

        # User is different, sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, 'sudo -E -u mauser -- bash -c /tmp/foo.sh')

        # sudo is used, it doesn't matter what user is specified since the
        # command should run as root
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = True
        kwargs['user'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, 'sudo -E -- bash -c /tmp/foo.sh')
Example #10
0
    def test_named_parameter_escaping(self):
        # no sudo
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {
            'key1': 'value foo bar',
            'key2': 'value "bar" foo',
            'key3': 'date ; whoami',
            'key4': '"date ; whoami"',
        }
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = self._get_fixture('escaping_test_command_1.txt')
        self.assertEqual(command, expected)

        # sudo
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = True
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {
            'key1': 'value foo bar',
            'key2': 'value "bar" foo',
            'key3': 'date ; whoami',
            'key4': '"date ; whoami"',
        }
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = self._get_fixture('escaping_test_command_2.txt')
        self.assertEqual(command, expected)
    def test_user_argument(self):
        # User is the same as logged user, no sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh')

        # User is different, sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, 'sudo -E -u mauser -- bash -c /tmp/foo.sh')

        # sudo is used, it doesn't matter what user is specified since the
        # command should run as root
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = True
        kwargs['user'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, 'sudo -E -- bash -c /tmp/foo.sh')
Example #12
0
    def test_named_parameter_escaping(self):
        # no sudo
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = LOGGED_USER_USERNAME
        kwargs["named_args"] = OrderedDict([
            ("key1", "value foo bar"),
            ("key2", 'value "bar" foo'),
            ("key3", "date ; whoami"),
            ("key4", '"date ; whoami"'),
        ])
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = self._get_fixture("escaping_test_command_1.txt")
        self.assertEqual(command, expected)

        # sudo
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = True
        kwargs["user"] = LOGGED_USER_USERNAME
        kwargs["named_args"] = OrderedDict([
            ("key1", "value foo bar"),
            ("key2", 'value "bar" foo'),
            ("key3", "date ; whoami"),
            ("key4", '"date ; whoami"'),
        ])
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = self._get_fixture("escaping_test_command_2.txt")
        self.assertEqual(command, expected)
Example #13
0
    def run(self, action_parameters):
        if not self.entry_point:
            raise ValueError('Missing entry_point action metadata attribute')

        script_local_path_abs = self.entry_point
        positional_args, named_args = self._get_script_args(action_parameters)
        named_args = self._transform_named_args(named_args)

        action = ShellScriptAction(name=self.action_name,
                                   action_exec_id=str(self.liveaction_id),
                                   script_local_path_abs=script_local_path_abs,
                                   named_args=named_args,
                                   positional_args=positional_args,
                                   user=self._user,
                                   env_vars=self._env,
                                   sudo=self._sudo,
                                   timeout=self._timeout,
                                   cwd=self._cwd,
                                   sudo_password=self._sudo_password)

        return self._run(action=action)
Example #14
0
    def run(self, action_parameters):
        LOG.debug('    action_parameters = %s', action_parameters)

        env_vars = self._env

        if not self.entry_point:
            script_action = False
            command = self.runner_parameters.get(RUNNER_COMMAND, None)
            action = ShellCommandAction(name=self.action_name,
                                        action_exec_id=str(self.liveaction_id),
                                        command=command,
                                        user=self._user,
                                        env_vars=env_vars,
                                        sudo=self._sudo,
                                        timeout=self._timeout)
        else:
            script_action = True
            script_local_path_abs = self.entry_point
            positional_args, named_args = self._get_script_args(action_parameters)
            named_args = self._transform_named_args(named_args)

            action = ShellScriptAction(name=self.action_name,
                                       action_exec_id=str(self.liveaction_id),
                                       script_local_path_abs=script_local_path_abs,
                                       named_args=named_args,
                                       positional_args=positional_args,
                                       user=self._user,
                                       env_vars=env_vars,
                                       sudo=self._sudo,
                                       timeout=self._timeout,
                                       cwd=self._cwd)

        args = action.get_full_command_string()

        # For consistency with the old Fabric based runner, make sure the file is executable
        if script_action:
            args = 'chmod +x %s ; %s' % (script_local_path_abs, args)

        env = os.environ.copy()

        # Include user provided env vars (if any)
        env.update(env_vars)

        # Make sure os.setsid is called on each spawned process so that all processes
        # are in the same group.
        process = subprocess.Popen(args=args, stdin=None, stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE, shell=True, cwd=self._cwd,
                                   env=env, preexec_fn=os.setsid)

        error_holder = {}

        def on_timeout_expired(timeout):
            try:
                process.wait(timeout=self._timeout)
            except subprocess.TimeoutExpired:
                # Set the error prior to kill the process else the error is not picked up due
                # to eventlet scheduling.
                error_holder['error'] = 'Action failed to complete in %s seconds' % (self._timeout)
                # Action has timed out, kill the process and propagate the error. The process
                # is started as sudo -u {{system_user}} -- bash -c {{command}}. Introduction of the
                # bash means that multiple independent processes are spawned without them being
                # children of the process we have access to and this requires use of pkill.
                # Ideally os.killpg should have done the trick but for some reason that failed.
                # Note: pkill will set the returncode to 143 so we don't need to explicitly set
                # it to some non-zero value.
                try:
                    killcommand = shlex.split('sudo pkill -TERM -s %s' % process.pid)
                    subprocess.call(killcommand)
                except:
                    LOG.exception('Unable to pkill.')

        timeout_expiry = eventlet.spawn(on_timeout_expired, self._timeout)

        stdout, stderr = process.communicate()
        timeout_expiry.cancel()
        error = error_holder.get('error', None)
        exit_code = process.returncode
        succeeded = (exit_code == 0)

        result = {
            'failed': not succeeded,
            'succeeded': succeeded,
            'return_code': exit_code,
            'stdout': stdout,
            'stderr': stderr
        }

        if error:
            result['error'] = error

        status = LIVEACTION_STATUS_SUCCEEDED if exit_code == 0 else LIVEACTION_STATUS_FAILED
        return (status, jsonify.json_loads(result, LocalShellRunner.KEYS_TO_TRANSFORM), None)
    def test_command_construction_with_parameters(self):
        # same user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh key2=value2 key1=value1')

        # different user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
        kwargs['positional_args'] = ''
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = 'sudo -E -u mauser -- bash -c \'/tmp/foo.sh key2=value2 key1=value1\''
        self.assertEqual(command, expected)

        # same user, positional args, no named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {}
        kwargs['positional_args'] = 'ein zwei drei'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh ein zwei drei')

        # different user, named args, positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = {}
        kwargs['positional_args'] = 'ein zwei drei'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = 'sudo -E -u mauser -- bash -c \'/tmp/foo.sh ein zwei drei\''
        self.assertEqual(command, expected)

        # same user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
        kwargs['positional_args'] = 'ein zwei drei'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh key2=value2 key1=value1 ein zwei drei')

        # different user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
        kwargs['positional_args'] = 'ein zwei drei'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = ('sudo -E -u mauser -- bash -c \'/tmp/foo.sh key2=value2 '
                    'key1=value1 ein zwei drei\'')
        self.assertEqual(command, expected)
    def test_command_construction_correct_default_parameter_values_are_used(self):
        runner_parameters = {}
        action_db_parameters = {
            'project': {
                'type': 'string',
                'default': 'st2',
                'position': 0,
            },
            'version': {
                'type': 'string',
                'position': 1,
                'required': True
            },
            'fork': {
                'type': 'string',
                'position': 2,
                'default': 'StackStorm',
            },
            'branch': {
                'type': 'string',
                'position': 3,
                'default': 'master',
            },
            'update_changelog': {
                'type': 'boolean',
                'position': 4,
                'default': False
            },
            'local_repo': {
                'type': 'string',
                'position': 5,
            }
        }
        context = {}

        action_db = ActionDB(pack='dummy', name='action')

        runner = LocalShellScriptRunner('id')
        runner.runner_parameters = {}
        runner.action = action_db

        # 1. All default values used
        live_action_db_parameters = {
            'project': 'st2flow',
            'version': '3.0.0',
            'fork': 'StackStorm',
            'local_repo': '/tmp/repo'
        }

        runner_params, action_params = param_utils.render_final_params(runner_parameters,
                                                action_db_parameters,
                                                live_action_db_parameters,
                                                context)

        self.assertDictEqual(action_params, {
            'project': 'st2flow',
            'version': '3.0.0',
            'fork': 'StackStorm',
            'branch': 'master',  # default value used
            'update_changelog': False,  # default value used
            'local_repo': '/tmp/repo'
        })

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
                                                script_local_path_abs='/tmp/local.sh',
                                                named_args=named_args,
                                                positional_args=positional_args)
        command_string = shell_script_action.get_full_command_string()

        expected = '/tmp/local.sh st2flow 3.0.0 StackStorm master 0 /tmp/repo'
        self.assertEqual(command_string, expected)

        # 2. Some default values used
        live_action_db_parameters = {
            'project': 'st2web',
            'version': '3.1.0',
            'fork': 'StackStorm1',
            'update_changelog': True,
            'local_repo': '/tmp/repob'
        }

        runner_params, action_params = param_utils.render_final_params(runner_parameters,
                                                action_db_parameters,
                                                live_action_db_parameters,
                                                context)

        self.assertDictEqual(action_params, {
            'project': 'st2web',
            'version': '3.1.0',
            'fork': 'StackStorm1',
            'branch': 'master',  # default value used
            'update_changelog': True,  # default value used
            'local_repo': '/tmp/repob'
        })

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
                                                script_local_path_abs='/tmp/local.sh',
                                                named_args=named_args,
                                                positional_args=positional_args)
        command_string = shell_script_action.get_full_command_string()

        expected = '/tmp/local.sh st2web 3.1.0 StackStorm1 master 1 /tmp/repob'
        self.assertEqual(command_string, expected)

        # 3. None is specified for a boolean parameter, should use a default
        live_action_db_parameters = {
            'project': 'st2rbac',
            'version': '3.2.0',
            'fork': 'StackStorm2',
            'update_changelog': None,
            'local_repo': '/tmp/repoc'
        }

        runner_params, action_params = param_utils.render_final_params(runner_parameters,
                                                action_db_parameters,
                                                live_action_db_parameters,
                                                context)

        self.assertDictEqual(action_params, {
            'project': 'st2rbac',
            'version': '3.2.0',
            'fork': 'StackStorm2',
            'branch': 'master',  # default value used
            'update_changelog': False,  # default value used
            'local_repo': '/tmp/repoc'
        })

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
                                                script_local_path_abs='/tmp/local.sh',
                                                named_args=named_args,
                                                positional_args=positional_args)
        command_string = shell_script_action.get_full_command_string()

        expected = '/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 /tmp/repoc'
        self.assertEqual(command_string, expected)
Example #17
0
    def test_user_argument(self):
        # User is the same as logged user, no sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = LOGGED_USER_USERNAME
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, "/tmp/foo.sh")

        # User is different, sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = "******"
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command,
                         "sudo -E -H -u mauser -- bash -c /tmp/foo.sh")

        # sudo with password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = "******"
        kwargs["sudo_password"] = "******"
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = "sudo -S -E -H -u mauser -- bash -c /tmp/foo.sh"
        self.assertEqual(command, expected_command)

        # complex sudo password which needs escaping
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = "******"
        kwargs["sudo_password"] = "******"sss"
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = "sudo -S -E -H " "-u mauser -- bash -c /tmp/foo.sh"
        self.assertEqual(command, expected_command)

        command = action.get_sanitized_full_command_string()
        expected_command = ("echo -e '%s\n' | sudo -S -E -H "
                            "-u mauser -- bash -c /tmp/foo.sh" %
                            (MASKED_ATTRIBUTE_VALUE))
        self.assertEqual(command, expected_command)

        # sudo is used, it doesn't matter what user is specified since the
        # command should run as root
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = True
        kwargs["user"] = "******"
        kwargs["sudo_password"] = "******"
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = "sudo -S -E -- bash -c /tmp/foo.sh"
        self.assertEqual(command, expected_command)
Example #18
0
    def test_command_construction_with_parameters(self):
        # same user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = LOGGED_USER_USERNAME
        kwargs["named_args"] = OrderedDict([("key1", "value1"),
                                            ("key2", "value2")])
        kwargs["positional_args"] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, "/tmp/foo.sh key1=value1 key2=value2")

        # same user, named args, no positional args, sudo password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = True
        kwargs["sudo_password"] = "******"
        kwargs["user"] = LOGGED_USER_USERNAME
        kwargs["named_args"] = OrderedDict([("key1", "value1"),
                                            ("key2", "value2")])
        kwargs["positional_args"] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected = "sudo -S -E -- bash -c " "'/tmp/foo.sh key1=value1 key2=value2'"
        self.assertEqual(command, expected)

        # different user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = "******"
        kwargs["named_args"] = OrderedDict([("key1", "value1"),
                                            ("key2", "value2")])
        kwargs["positional_args"] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = (
            "sudo -E -H -u mauser -- bash -c '/tmp/foo.sh key1=value1 key2=value2'"
        )
        self.assertEqual(command, expected)

        # different user, named args, no positional args, sudo password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["sudo_password"] = "******"
        kwargs["user"] = "******"
        kwargs["named_args"] = OrderedDict([("key1", "value1"),
                                            ("key2", "value2")])
        kwargs["positional_args"] = []
        action = ShellScriptAction(**kwargs)

        command = action.get_full_command_string()
        expected = ("sudo -S -E -H -u mauser -- bash -c "
                    "'/tmp/foo.sh key1=value1 key2=value2'")
        self.assertEqual(command, expected)

        # same user, positional args, no named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = LOGGED_USER_USERNAME
        kwargs["named_args"] = {}
        kwargs["positional_args"] = [
            "ein", "zwei", "drei", "mamma mia", "foo\nbar"
        ]
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command,
                         "/tmp/foo.sh ein zwei drei 'mamma mia' 'foo\nbar'")

        # different user, named args, positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = "******"
        kwargs["named_args"] = {}
        kwargs["positional_args"] = ["ein", "zwei", "drei", "mamma mia"]
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        ex = ("sudo -E -H -u mauser -- "
              "bash -c '/tmp/foo.sh ein zwei drei '\"'\"'mamma mia'\"'\"''")
        self.assertEqual(command, ex)

        # same user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = LOGGED_USER_USERNAME
        kwargs["named_args"] = OrderedDict([("key1", "value1"),
                                            ("key2", "value2"),
                                            ("key3", "value 3")])

        kwargs["positional_args"] = ["ein", "zwei", "drei"]
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        exp = "/tmp/foo.sh key1=value1 key2=value2 key3='value 3' ein zwei drei"
        self.assertEqual(command, exp)

        # different user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs["sudo"] = False
        kwargs["user"] = "******"
        kwargs["named_args"] = OrderedDict([("key1", "value1"),
                                            ("key2", "value2"),
                                            ("key3", "value 3")])
        kwargs["positional_args"] = ["ein", "zwei", "drei"]
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = (
            "sudo -E -H -u mauser -- bash -c '/tmp/foo.sh key1=value1 key2=value2 "
            "key3='\"'\"'value 3'\"'\"' ein zwei drei'")
        self.assertEqual(command, expected)
Example #19
0
    def test_command_construction_with_parameters(self):
        # same user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh key2=value2 key1=value1')

        # different user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
        kwargs['positional_args'] = ''
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = 'sudo -E -u mauser -- bash -c \'/tmp/foo.sh key2=value2 key1=value1\''
        self.assertEqual(command, expected)

        # same user, positional args, no named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {}
        kwargs['positional_args'] = 'ein zwei drei'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh ein zwei drei')

        # different user, named args, positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = {}
        kwargs['positional_args'] = 'ein zwei drei'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = 'sudo -E -u mauser -- bash -c \'/tmp/foo.sh ein zwei drei\''
        self.assertEqual(command, expected)

        # same user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
        kwargs['positional_args'] = 'ein zwei drei'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command,
                         '/tmp/foo.sh key2=value2 key1=value1 ein zwei drei')

        # different user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = {'key1': 'value1', 'key2': 'value2'}
        kwargs['positional_args'] = 'ein zwei drei'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = ('sudo -E -u mauser -- bash -c \'/tmp/foo.sh key2=value2 '
                    'key1=value1 ein zwei drei\'')
        self.assertEqual(command, expected)
    def test_command_construction_correct_default_parameter_values_are_used(self):
        runner_parameters = {}
        action_db_parameters = {
            'project': {
                'type': 'string',
                'default': 'st2',
                'position': 0,
            },
            'version': {
                'type': 'string',
                'position': 1,
                'required': True
            },
            'fork': {
                'type': 'string',
                'position': 2,
                'default': 'StackStorm',
            },
            'branch': {
                'type': 'string',
                'position': 3,
                'default': 'master',
            },
            'update_mistral': {
                'type': 'boolean',
                'position': 4,
                'default': False
            },
            'update_changelog': {
                'type': 'boolean',
                'position': 5,
                'default': False
            },
            'local_repo': {
                'type': 'string',
                'position': 6,
            }
        }
        context = {}

        action_db = ActionDB(pack='dummy', name='action')

        runner = LocalShellScriptRunner('id')
        runner.runner_parameters = {}
        runner.action = action_db

        # 1. All default values used
        live_action_db_parameters = {
            'project': 'st2flow',
            'version': '3.0.0',
            'fork': 'StackStorm',
            'local_repo': '/tmp/repo'
        }

        runner_params, action_params = param_utils.render_final_params(runner_parameters,
                                                action_db_parameters,
                                                live_action_db_parameters,
                                                context)

        self.assertDictEqual(action_params, {
            'project': 'st2flow',
            'version': '3.0.0',
            'fork': 'StackStorm',
            'branch': 'master',  # default value used
            'update_mistral': False,  # default value used
            'update_changelog': False,  # default value used
            'local_repo': '/tmp/repo'
        })

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
                                                script_local_path_abs='/tmp/local.sh',
                                                named_args=named_args,
                                                positional_args=positional_args)
        command_string = shell_script_action.get_full_command_string()

        expected = '/tmp/local.sh st2flow 3.0.0 StackStorm master 0 0 /tmp/repo'
        self.assertEqual(command_string, expected)

        # 2. Some default values used
        live_action_db_parameters = {
            'project': 'st2web',
            'version': '3.1.0',
            'fork': 'StackStorm1',
            'update_changelog': True,
            'local_repo': '/tmp/repob'
        }

        runner_params, action_params = param_utils.render_final_params(runner_parameters,
                                                action_db_parameters,
                                                live_action_db_parameters,
                                                context)

        self.assertDictEqual(action_params, {
            'project': 'st2web',
            'version': '3.1.0',
            'fork': 'StackStorm1',
            'branch': 'master',  # default value used
            'update_mistral': False,  # default value used
            'update_changelog': True,  # default value used
            'local_repo': '/tmp/repob'
        })

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
                                                script_local_path_abs='/tmp/local.sh',
                                                named_args=named_args,
                                                positional_args=positional_args)
        command_string = shell_script_action.get_full_command_string()

        expected = '/tmp/local.sh st2web 3.1.0 StackStorm1 master 0 1 /tmp/repob'
        self.assertEqual(command_string, expected)

        # 3. None is specified for a boolean parameter, should use a default
        live_action_db_parameters = {
            'project': 'st2rbac',
            'version': '3.2.0',
            'fork': 'StackStorm2',
            'update_changelog': None,
            'local_repo': '/tmp/repoc'
        }

        runner_params, action_params = param_utils.render_final_params(runner_parameters,
                                                action_db_parameters,
                                                live_action_db_parameters,
                                                context)

        self.assertDictEqual(action_params, {
            'project': 'st2rbac',
            'version': '3.2.0',
            'fork': 'StackStorm2',
            'branch': 'master',  # default value used
            'update_mistral': False,  # default value used
            'update_changelog': False,  # default value used
            'local_repo': '/tmp/repoc'
        })

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(name='dummy', action_exec_id='dummy',
                                                script_local_path_abs='/tmp/local.sh',
                                                named_args=named_args,
                                                positional_args=positional_args)
        command_string = shell_script_action.get_full_command_string()

        expected = '/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 0 /tmp/repoc'
        self.assertEqual(command_string, expected)
    def run(self, action_parameters):
        env_vars = self._env

        if not self.entry_point:
            script_action = False
            command = self.runner_parameters.get(RUNNER_COMMAND, None)
            action = ShellCommandAction(name=self.action_name,
                                        action_exec_id=str(self.liveaction_id),
                                        command=command,
                                        user=self._user,
                                        env_vars=env_vars,
                                        sudo=self._sudo,
                                        timeout=self._timeout)
        else:
            script_action = True
            script_local_path_abs = self.entry_point
            positional_args, named_args = self._get_script_args(
                action_parameters)
            named_args = self._transform_named_args(named_args)

            action = ShellScriptAction(
                name=self.action_name,
                action_exec_id=str(self.liveaction_id),
                script_local_path_abs=script_local_path_abs,
                named_args=named_args,
                positional_args=positional_args,
                user=self._user,
                env_vars=env_vars,
                sudo=self._sudo,
                timeout=self._timeout,
                cwd=self._cwd)

        args = action.get_full_command_string()

        # For consistency with the old Fabric based runner, make sure the file is executable
        if script_action:
            args = 'chmod +x %s ; %s' % (script_local_path_abs, args)

        env = os.environ.copy()

        # Include user provided env vars (if any)
        env.update(env_vars)

        # Include common st2 env vars
        st2_env_vars = self._get_common_action_env_variables()
        env.update(st2_env_vars)

        LOG.info('Executing action via LocalRunner: %s', self.runner_id)
        LOG.info(
            '[Action info] name: %s, Id: %s, command: %s, user: %s, sudo: %s' %
            (action.name, action.action_exec_id, args, action.user,
             action.sudo))

        # Make sure os.setsid is called on each spawned process so that all processes
        # are in the same group.

        # Process is started as sudo -u {{system_user}} -- bash -c {{command}}. Introduction of the
        # bash means that multiple independent processes are spawned without them being
        # children of the process we have access to and this requires use of pkill.
        # Ideally os.killpg should have done the trick but for some reason that failed.
        # Note: pkill will set the returncode to 143 so we don't need to explicitly set
        # it to some non-zero value.
        exit_code, stdout, stderr, timed_out = run_command(
            cmd=args,
            stdin=None,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            shell=True,
            cwd=self._cwd,
            env=env,
            timeout=self._timeout,
            preexec_func=os.setsid,
            kill_func=kill_process)

        error = None

        if timed_out:
            error = 'Action failed to complete in %s seconds' % (self._timeout)
            exit_code = -9

        succeeded = (exit_code == 0)

        result = {
            'failed': not succeeded,
            'succeeded': succeeded,
            'return_code': exit_code,
            'stdout': strip_shell_chars(stdout),
            'stderr': strip_shell_chars(stderr)
        }

        if error:
            result['error'] = error

        if exit_code == 0:
            status = LIVEACTION_STATUS_SUCCEEDED
        elif timed_out:
            status = LIVEACTION_STATUS_TIMED_OUT
        else:
            status = LIVEACTION_STATUS_FAILED

        return (status,
                jsonify.json_loads(result,
                                   LocalShellRunner.KEYS_TO_TRANSFORM), None)
Example #22
0
    def test_command_construction_correct_default_parameter_values_are_used(
            self):
        runner_parameters = {}
        action_db_parameters = {
            "project": {
                "type": "string",
                "default": "st2",
                "position": 0,
            },
            "version": {
                "type": "string",
                "position": 1,
                "required": True
            },
            "fork": {
                "type": "string",
                "position": 2,
                "default": "StackStorm",
            },
            "branch": {
                "type": "string",
                "position": 3,
                "default": "master",
            },
            "update_changelog": {
                "type": "boolean",
                "position": 4,
                "default": False
            },
            "local_repo": {
                "type": "string",
                "position": 5,
            },
        }
        context = {}

        action_db = ActionDB(pack="dummy", name="action")

        runner = LocalShellScriptRunner("id")
        runner.runner_parameters = {}
        runner.action = action_db

        # 1. All default values used
        live_action_db_parameters = {
            "project": "st2flow",
            "version": "3.0.0",
            "fork": "StackStorm",
            "local_repo": "/tmp/repo",
        }

        runner_params, action_params = param_utils.render_final_params(
            runner_parameters, action_db_parameters, live_action_db_parameters,
            context)

        self.assertDictEqual(
            action_params,
            {
                "project": "st2flow",
                "version": "3.0.0",
                "fork": "StackStorm",
                "branch": "master",  # default value used
                "update_changelog": False,  # default value used
                "local_repo": "/tmp/repo",
            },
        )

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(
            name="dummy",
            action_exec_id="dummy",
            script_local_path_abs="/tmp/local.sh",
            named_args=named_args,
            positional_args=positional_args,
        )
        command_string = shell_script_action.get_full_command_string()

        expected = "/tmp/local.sh st2flow 3.0.0 StackStorm master 0 /tmp/repo"
        self.assertEqual(command_string, expected)

        # 2. Some default values used
        live_action_db_parameters = {
            "project": "st2web",
            "version": "3.1.0",
            "fork": "StackStorm1",
            "update_changelog": True,
            "local_repo": "/tmp/repob",
        }

        runner_params, action_params = param_utils.render_final_params(
            runner_parameters, action_db_parameters, live_action_db_parameters,
            context)

        self.assertDictEqual(
            action_params,
            {
                "project": "st2web",
                "version": "3.1.0",
                "fork": "StackStorm1",
                "branch": "master",  # default value used
                "update_changelog": True,  # default value used
                "local_repo": "/tmp/repob",
            },
        )

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(
            name="dummy",
            action_exec_id="dummy",
            script_local_path_abs="/tmp/local.sh",
            named_args=named_args,
            positional_args=positional_args,
        )
        command_string = shell_script_action.get_full_command_string()

        expected = "/tmp/local.sh st2web 3.1.0 StackStorm1 master 1 /tmp/repob"
        self.assertEqual(command_string, expected)

        # 3. None is specified for a boolean parameter, should use a default
        live_action_db_parameters = {
            "project": "st2rbac",
            "version": "3.2.0",
            "fork": "StackStorm2",
            "update_changelog": None,
            "local_repo": "/tmp/repoc",
        }

        runner_params, action_params = param_utils.render_final_params(
            runner_parameters, action_db_parameters, live_action_db_parameters,
            context)

        self.assertDictEqual(
            action_params,
            {
                "project": "st2rbac",
                "version": "3.2.0",
                "fork": "StackStorm2",
                "branch": "master",  # default value used
                "update_changelog": False,  # default value used
                "local_repo": "/tmp/repoc",
            },
        )

        action_db.parameters = action_db_parameters
        positional_args, named_args = runner._get_script_args(action_params)
        named_args = runner._transform_named_args(named_args)

        shell_script_action = ShellScriptAction(
            name="dummy",
            action_exec_id="dummy",
            script_local_path_abs="/tmp/local.sh",
            named_args=named_args,
            positional_args=positional_args,
        )
        command_string = shell_script_action.get_full_command_string()

        expected = "/tmp/local.sh st2rbac 3.2.0 StackStorm2 master 0 /tmp/repoc"
        self.assertEqual(command_string, expected)
    def test_command_construction_with_parameters(self):
        # same user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2')
        ])
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh key1=value1 key2=value2')

        # same user, named args, no positional args, sudo password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = True
        kwargs['sudo_password'] = '******'
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2')
        ])
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected = ('sudo -S -E -- bash -c '
                    '\'/tmp/foo.sh key1=value1 key2=value2\'')
        self.assertEqual(command, expected)

        # different user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2')
        ])
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = 'sudo -E -H -u mauser -- bash -c \'/tmp/foo.sh key1=value1 key2=value2\''
        self.assertEqual(command, expected)

        # different user, named args, no positional args, sudo password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['sudo_password'] = '******'
        kwargs['user'] = '******'
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2')
        ])
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)

        command = action.get_full_command_string()
        expected = ('sudo -S -E -H -u mauser -- bash -c '
                    '\'/tmp/foo.sh key1=value1 key2=value2\'')
        self.assertEqual(command, expected)

        # same user, positional args, no named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {}
        kwargs['positional_args'] = ['ein', 'zwei', 'drei', 'mamma mia', 'foo\nbar']
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh ein zwei drei \'mamma mia\' \'foo\nbar\'')

        # different user, named args, positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = {}
        kwargs['positional_args'] = ['ein', 'zwei', 'drei', 'mamma mia']
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        ex = ('sudo -E -H -u mauser -- '
              'bash -c \'/tmp/foo.sh ein zwei drei \'"\'"\'mamma mia\'"\'"\'\'')
        self.assertEqual(command, ex)

        # same user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2'),
            ('key3', 'value 3')
        ])

        kwargs['positional_args'] = ['ein', 'zwei', 'drei']
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        exp = '/tmp/foo.sh key1=value1 key2=value2 key3=\'value 3\' ein zwei drei'
        self.assertEqual(command, exp)

        # different user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2'),
            ('key3', 'value 3')
        ])
        kwargs['positional_args'] = ['ein', 'zwei', 'drei']
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = ('sudo -E -H -u mauser -- bash -c \'/tmp/foo.sh key1=value1 key2=value2 '
                    'key3=\'"\'"\'value 3\'"\'"\' ein zwei drei\'')
        self.assertEqual(command, expected)
    def test_user_argument(self):
        # User is the same as logged user, no sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh')

        # User is different, sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, 'sudo -E -H -u mauser -- bash -c /tmp/foo.sh')

        # sudo with password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['sudo_password'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = 'sudo -S -E -H -u mauser -- bash -c /tmp/foo.sh'
        self.assertEqual(command, expected_command)

        # complex sudo password which needs escaping
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['sudo_password'] = '******'as"sss'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = ('sudo -S -E -H '
                            '-u mauser -- bash -c /tmp/foo.sh')
        self.assertEqual(command, expected_command)

        command = action.get_sanitized_full_command_string()
        expected_command = ('echo -e \'%s\n\' | sudo -S -E -H '
                            '-u mauser -- bash -c /tmp/foo.sh' % (MASKED_ATTRIBUTE_VALUE))
        self.assertEqual(command, expected_command)

        # sudo is used, it doesn't matter what user is specified since the
        # command should run as root
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = True
        kwargs['user'] = '******'
        kwargs['sudo_password'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = 'sudo -S -E -- bash -c /tmp/foo.sh'
        self.assertEqual(command, expected_command)
    def test_command_construction_with_parameters(self):
        # same user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2')
        ])
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh key1=value1 key2=value2')

        # same user, named args, no positional args, sudo password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = True
        kwargs['sudo_password'] = '******'
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2')
        ])
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected = ('sudo -S -E -- bash -c '
                    '\'/tmp/foo.sh key1=value1 key2=value2\'')
        self.assertEqual(command, expected)

        # different user, named args, no positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2')
        ])
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = 'sudo -E -H -u mauser -- bash -c \'/tmp/foo.sh key1=value1 key2=value2\''
        self.assertEqual(command, expected)

        # different user, named args, no positional args, sudo password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['sudo_password'] = '******'
        kwargs['user'] = '******'
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2')
        ])
        kwargs['positional_args'] = []
        action = ShellScriptAction(**kwargs)

        command = action.get_full_command_string()
        expected = ('sudo -S -E -H -u mauser -- bash -c '
                    '\'/tmp/foo.sh key1=value1 key2=value2\'')
        self.assertEqual(command, expected)

        # same user, positional args, no named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = {}
        kwargs['positional_args'] = ['ein', 'zwei', 'drei', 'mamma mia', 'foo\nbar']
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh ein zwei drei \'mamma mia\' \'foo\nbar\'')

        # different user, named args, positional args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = {}
        kwargs['positional_args'] = ['ein', 'zwei', 'drei', 'mamma mia']
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        ex = ('sudo -E -H -u mauser -- '
              'bash -c \'/tmp/foo.sh ein zwei drei \'"\'"\'mamma mia\'"\'"\'\'')
        self.assertEqual(command, ex)

        # same user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2'),
            ('key3', 'value 3')
        ])

        kwargs['positional_args'] = ['ein', 'zwei', 'drei']
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        exp = '/tmp/foo.sh key1=value1 key2=value2 key3=\'value 3\' ein zwei drei'
        self.assertEqual(command, exp)

        # different user, positional and named args
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['named_args'] = OrderedDict([
            ('key1', 'value1'),
            ('key2', 'value2'),
            ('key3', 'value 3')
        ])
        kwargs['positional_args'] = ['ein', 'zwei', 'drei']
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        expected = ('sudo -E -H -u mauser -- bash -c \'/tmp/foo.sh key1=value1 key2=value2 '
                    'key3=\'"\'"\'value 3\'"\'"\' ein zwei drei\'')
        self.assertEqual(command, expected)
Example #26
0
    def run(self, action_parameters):
        env_vars = self._env

        if not self.entry_point:
            script_action = False
            command = self.runner_parameters.get(RUNNER_COMMAND, None)
            action = ShellCommandAction(name=self.action_name,
                                        action_exec_id=str(self.liveaction_id),
                                        command=command,
                                        user=self._user,
                                        env_vars=env_vars,
                                        sudo=self._sudo,
                                        timeout=self._timeout,
                                        sudo_password=self._sudo_password)
        else:
            script_action = True
            script_local_path_abs = self.entry_point
            positional_args, named_args = self._get_script_args(action_parameters)
            named_args = self._transform_named_args(named_args)

            action = ShellScriptAction(name=self.action_name,
                                       action_exec_id=str(self.liveaction_id),
                                       script_local_path_abs=script_local_path_abs,
                                       named_args=named_args,
                                       positional_args=positional_args,
                                       user=self._user,
                                       env_vars=env_vars,
                                       sudo=self._sudo,
                                       timeout=self._timeout,
                                       cwd=self._cwd,
                                       sudo_password=self._sudo_password)

        args = action.get_full_command_string()
        sanitized_args = action.get_sanitized_full_command_string()

        # For consistency with the old Fabric based runner, make sure the file is executable
        if script_action:
            args = 'chmod +x %s ; %s' % (script_local_path_abs, args)
            sanitized_args = 'chmod +x %s ; %s' % (script_local_path_abs, sanitized_args)

        env = os.environ.copy()

        # Include user provided env vars (if any)
        env.update(env_vars)

        # Include common st2 env vars
        st2_env_vars = self._get_common_action_env_variables()
        env.update(st2_env_vars)

        LOG.info('Executing action via LocalRunner: %s', self.runner_id)
        LOG.info('[Action info] name: %s, Id: %s, command: %s, user: %s, sudo: %s' %
                 (action.name, action.action_exec_id, sanitized_args, action.user, action.sudo))

        stdout = StringIO()
        stderr = StringIO()

        store_execution_stdout_line = functools.partial(store_execution_output_data,
                                                        output_type='stdout')
        store_execution_stderr_line = functools.partial(store_execution_output_data,
                                                        output_type='stderr')

        read_and_store_stdout = make_read_and_store_stream_func(execution_db=self.execution,
            action_db=self.action, store_data_func=store_execution_stdout_line)
        read_and_store_stderr = make_read_and_store_stream_func(execution_db=self.execution,
            action_db=self.action, store_data_func=store_execution_stderr_line)

        # If sudo password is provided, pass it to the subprocess via stdin>
        # Note: We don't need to explicitly escape the argument because we pass command as a list
        # to subprocess.Popen and all the arguments are escaped by the function.
        if self._sudo_password:
            LOG.debug('Supplying sudo password via stdin')
            echo_process = subprocess.Popen(['echo', self._sudo_password + '\n'],
                                            stdout=subprocess.PIPE)
            stdin = echo_process.stdout
        else:
            stdin = None

        # Make sure os.setsid is called on each spawned process so that all processes
        # are in the same group.

        # Process is started as sudo -u {{system_user}} -- bash -c {{command}}. Introduction of the
        # bash means that multiple independent processes are spawned without them being
        # children of the process we have access to and this requires use of pkill.
        # Ideally os.killpg should have done the trick but for some reason that failed.
        # Note: pkill will set the returncode to 143 so we don't need to explicitly set
        # it to some non-zero value.
        exit_code, stdout, stderr, timed_out = shell.run_command(cmd=args,
                                                                 stdin=stdin,
                                                                 stdout=subprocess.PIPE,
                                                                 stderr=subprocess.PIPE,
                                                                 shell=True,
                                                                 cwd=self._cwd,
                                                                 env=env,
                                                                 timeout=self._timeout,
                                                                 preexec_func=os.setsid,
                                                                 kill_func=kill_process,
                                                           read_stdout_func=read_and_store_stdout,
                                                           read_stderr_func=read_and_store_stderr,
                                                           read_stdout_buffer=stdout,
                                                           read_stderr_buffer=stderr)

        error = None

        if timed_out:
            error = 'Action failed to complete in %s seconds' % (self._timeout)
            exit_code = -1 * exit_code_constants.SIGKILL_EXIT_CODE

        # Detect if user provided an invalid sudo password or sudo is not configured for that user
        if self._sudo_password:
            if re.search('sudo: \d+ incorrect password attempts', stderr):
                match = re.search('\[sudo\] password for (.+?)\:', stderr)

                if match:
                    username = match.groups()[0]
                else:
                    username = '******'

                error = ('Invalid sudo password provided or sudo is not configured for this user '
                        '(%s)' % (username))
                exit_code = -1

        succeeded = (exit_code == exit_code_constants.SUCCESS_EXIT_CODE)

        result = {
            'failed': not succeeded,
            'succeeded': succeeded,
            'return_code': exit_code,
            'stdout': strip_shell_chars(stdout),
            'stderr': strip_shell_chars(stderr)
        }

        if error:
            result['error'] = error

        status = PROC_EXIT_CODE_TO_LIVEACTION_STATUS_MAP.get(
            str(exit_code),
            action_constants.LIVEACTION_STATUS_FAILED
        )

        return (status, jsonify.json_loads(result, LocalShellRunner.KEYS_TO_TRANSFORM), None)
    def test_user_argument(self):
        # User is the same as logged user, no sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = LOGGED_USER_USERNAME
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, '/tmp/foo.sh')

        # User is different, sudo should be used
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()
        self.assertEqual(command, 'sudo -E -H -u mauser -- bash -c /tmp/foo.sh')

        # sudo with password
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['sudo_password'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = 'sudo -S -E -H -u mauser -- bash -c /tmp/foo.sh'
        self.assertEqual(command, expected_command)

        # complex sudo password which needs escaping
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = False
        kwargs['user'] = '******'
        kwargs['sudo_password'] = '******'as"sss'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = ('sudo -S -E -H '
                            '-u mauser -- bash -c /tmp/foo.sh')
        self.assertEqual(command, expected_command)

        command = action.get_sanitized_full_command_string()
        expected_command = ('echo -e \'%s\n\' | sudo -S -E -H '
                            '-u mauser -- bash -c /tmp/foo.sh' % (MASKED_ATTRIBUTE_VALUE))
        self.assertEqual(command, expected_command)

        # sudo is used, it doesn't matter what user is specified since the
        # command should run as root
        kwargs = copy.deepcopy(self._base_kwargs)
        kwargs['sudo'] = True
        kwargs['user'] = '******'
        kwargs['sudo_password'] = '******'
        action = ShellScriptAction(**kwargs)
        command = action.get_full_command_string()

        expected_command = 'sudo -S -E -- bash -c /tmp/foo.sh'
        self.assertEqual(command, expected_command)