juju-core

Code review comment for lp:~axwalk/juju-core/lp1235130-local-legacy-certs-take2

lp1235130-local-legacy-certs-take2
Merge into trunk

Revision history for this message

Andrew Wilkins (axwalk) wrote on 2013-10-04:

Reviewers: mp+189235_code.launchpad.net,

Message:
Please take a look.

Description:
provider/local: don't try to chown certs

Fixes #1235130

https://code.launchpad.net/~axwalk/juju-core/lp1235130-local-legacy-certs-take2/+merge/189235

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/14289044/

Affected files (+2, -26 lines):
A [revision details]
M provider/local/environ.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: tarmac-20131003170932-4tkr0tu40wb0nfgl
+New revision: <email address hidden>

Index: provider/local/environ.go
=== modified file 'provider/local/environ.go'
--- provider/local/environ.go 2013-10-03 03:10:09 +0000
+++ provider/local/environ.go 2013-10-04 08:45:50 +0000
@@ -82,28 +82,6 @@
return "juju-agent-" + env.config.namespace()
}

-// ensureCertOwner checks to make sure that the cert files created
-// by the bootstrap command are owned by the user and not root.
-func (env *localEnviron) ensureCertOwner() error {
- files := []string{
- config.JujuHomePath(env.name + "-cert.pem"),
- config.JujuHomePath(env.name + "-private-key.pem"),
- }
-
- uid, gid, err := utils.SudoCallerIds()
- if err != nil {
- return err
- }
- if uid != 0 || gid != 0 {
- for _, filename := range files {
- if err := os.Chown(filename, uid, gid); err != nil {
- return err
- }
- }
- }
- return nil
-}
-
  // PrecheckInstance is specified in the environs.Prechecker interface.
  func (*localEnviron) PrecheckInstance(series string, cons
constraints.Value) error {
   return nil
@@ -126,10 +104,6 @@
    return err
   }

- if err := env.ensureCertOwner(); err != nil {
- logger.Errorf("failed to reassign ownership of the certs to the
user: %v", err)
- return err
- }
// TODO(thumper): check that the constraints don't
include "container=lxc" for now.

cert, key, err := env.setupLocalMongoService()

Reviewers: mp+189235_code.launchpad.net,

Message:
Please take a look.

Description:
provider/local: don't try to chown certs

Fixes #1235130

https://code.launchpad.net/~axwalk/juju-core/lp1235130-local-legacy-certs-take2/+merge/189235

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/14289044/

Affected files (+2, -26 lines):
   A [revision details]
   M provider/local/environ.go

Index: [revision details]
=== added file '[revision details]'
--- [revision details]	2012-01-01 00:00:00 +0000
+++ [revision details]	2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: tarmac-20131003170932-4tkr0tu40wb0nfgl
+New revision: andrew.wilkins@canonical.com-20131004084550-x6fa80lgziexr45u

Index: provider/local/environ.go
=== modified file 'provider/local/environ.go'
--- provider/local/environ.go	2013-10-03 03:10:09 +0000
+++ provider/local/environ.go	2013-10-04 08:45:50 +0000
@@ -82,28 +82,6 @@
  	return "juju-agent-" + env.config.namespace()
  }

-// ensureCertOwner checks to make sure that the cert files created
-// by the bootstrap command are owned by the user and not root.
-func (env *localEnviron) ensureCertOwner() error {
-	files := []string{
-		config.JujuHomePath(env.name + "-cert.pem"),
-		config.JujuHomePath(env.name + "-private-key.pem"),
-	}
-
-	uid, gid, err := utils.SudoCallerIds()
-	if err != nil {
-		return err
-	}
-	if uid != 0 || gid != 0 {
-		for _, filename := range files {
-			if err := os.Chown(filename, uid, gid); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
  // PrecheckInstance is specified in the environs.Prechecker interface.
  func (*localEnviron) PrecheckInstance(series string, cons  
constraints.Value) error {
  	return nil
@@ -126,10 +104,6 @@
  		return err
  	}

-	if err := env.ensureCertOwner(); err != nil {
-		logger.Errorf("failed to reassign ownership of the certs to the  
user: %v", err)
-		return err
-	}
  	// TODO(thumper): check that the constraints don't  
include "container=lxc" for now.

cert, key, err := env.setupLocalMongoService()

« Back to merge proposal