Charm Helpers

Merge lp:~shaner/charm-helpers/lp1712203 into lp:charm-helpers

  1. lp1712203
  2. Merge into devel
Proposed by Shane Peters
Status: Merged
Approved by: Alex Kavanagh
Approved revision: 786
Merged at revision: 788
Proposed branch: lp:~shaner/charm-helpers/lp1712203
Merge into: lp:charm-helpers
Diff against target: 35 lines (+11/-2)
2 files modified
charmhelpers/contrib/hardening/audits/apache.py (+2/-2)
tests/contrib/hardening/audits/test_apache_audits.py (+9/-0)
To merge this branch: bzr merge lp:~shaner/charm-helpers/lp1712203
Reviewer Review Type Date Requested Status
Alex Kavanagh Approve
Review via email: mp+329376@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Alex Kavanagh (ajkavanagh) wrote :

Added improvement comment to the code. Please see inline.

lp:~shaner/charm-helpers/lp1712203 updated
786. By Shane Peters

[shaner,r=] Fixes parsing of currently loaded apache modules

When hardening apache, the returned list of currently
enabled modules is always empty.

This change splits on linefeeds from the output of
'apachectl -M' instead of spaces which allows the
regex to match.

Since the returned list of modules could potentitialy
be used as input to '_disable_module' the regex was tweaked
to truncate the module name, removing the '_module' since
this is what a2dismod expects.

Closes-Bug: #1712203

Revision history for this message
Shane Peters (shaner) wrote :

Thanks Alex, testing this, it seems using splitlines() removes the need for 'strip()' as well.

Revision history for this message
Alex Kavanagh (ajkavanagh) wrote :

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'charmhelpers/contrib/hardening/audits/apache.py'
--- charmhelpers/contrib/hardening/audits/apache.py 2016-07-06 14:41:05 +0000
+++ charmhelpers/contrib/hardening/audits/apache.py 2017-08-23 15:36:26 +0000
@@ -70,12 +70,12 @@
70 """Returns the modules which are enabled in Apache."""70 """Returns the modules which are enabled in Apache."""
71 output = subprocess.check_output(['apache2ctl', '-M'])71 output = subprocess.check_output(['apache2ctl', '-M'])
72 modules = []72 modules = []
73 for line in output.strip().split():73 for line in output.splitlines():
74 # Each line of the enabled module output looks like:74 # Each line of the enabled module output looks like:
75 # module_name (static|shared)75 # module_name (static|shared)
76 # Plus a header line at the top of the output which is stripped76 # Plus a header line at the top of the output which is stripped
77 # out by the regex.77 # out by the regex.
78 matcher = re.search(r'^ (\S*)', line)78 matcher = re.search(r'^ (\S*)_module (\S*)', line)
79 if matcher:79 if matcher:
80 modules.append(matcher.group(1))80 modules.append(matcher.group(1))
81 return modules81 return modules
8282
=== modified file 'tests/contrib/hardening/audits/test_apache_audits.py'
--- tests/contrib/hardening/audits/test_apache_audits.py 2016-07-06 14:41:05 +0000
+++ tests/contrib/hardening/audits/test_apache_audits.py 2017-08-23 15:36:26 +0000
@@ -75,3 +75,12 @@
75 audit.ensure_compliance()75 audit.ensure_compliance()
76 mock_disable_module.assert_has_calls([call('bar')])76 mock_disable_module.assert_has_calls([call('bar')])
77 mock_restart_apache.assert_has_calls([call()])77 mock_restart_apache.assert_has_calls([call()])
78
79 @patch('subprocess.check_output')
80 def test_get_loaded_modules(self, mock_check_output):
81 mock_check_output.return_value = ('Loaded Modules:\n'
82 ' foo_module (static)\n'
83 ' bar_module (shared)\n')
84 audit = apache.DisabledModuleAudit('bar')
85 result = audit._get_loaded_modules()
86 self.assertEqual(['foo', 'bar'], result)

Subscribers

People subscribed via source and target branches