Merge lp:~joeborg/charm-helpers/charm-helpers into lp:charm-helpers
Proposed by Joseph Borg
Status: | Needs review |
---|---|
Proposed branch: | lp:~joeborg/charm-helpers/charm-helpers |
Merge into: | lp:charm-helpers |
Diff against target: | 228 lines (+84/-15) 10 files modified |
 | charmhelpers/contrib/hardening/apache/checks/config.py (+4/-1) |
 | charmhelpers/contrib/hardening/apache/templates/hardening.conf (+3/-0) |
 | charmhelpers/contrib/hardening/defaults/apache.yaml (+4/-2) |
 | charmhelpers/contrib/hardening/defaults/apache.yaml.schema (+2/-0) |
 | charmhelpers/contrib/hardening/host/checks/__init__.py (+2/-0) |
 | charmhelpers/contrib/hardening/host/checks/openstack.py (+30/-0) |
 | tests/contrib/hardening/apache/checks/test_config.py (+7/-3) |
 | tests/contrib/hardening/host/checks/test_limits.py (+5/-8) |
 | tests/contrib/hardening/host/checks/test_openstack.py (+24/-0) |
 | tests/contrib/hardening/test_templating.py (+3/-1) |
To merge this branch: | bzr merge lp:~joeborg/charm-helpers/charm-helpers |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Edward Hope-Morley | Needs Fixing | ||
Ante Karamatić (community) | Approve | ||
Review via email: mp+319830@code.launchpad.net |
Unmerged revisions
- 721. By Joseph Borg: Hardening Apache ciphers
- 720. By Joseph Borg: Moving Openstack hardening audits into own module
- 719. By Joseph Borg: Adding checks on Openstack specific files when in hardening mode
- 718. By Joseph Borg: Enforcing Apache welcome page is deleted when hardening is enabled

Hi Joseph, thank you for submitting a patch to charm-helpers. In general your patch looks good and unit tests are passing. I do however have one comment that I'd like you to consider:
The os module is not intended to be used for the hardening of non-system applications. I think it would be wiser, particularly given the potential scope, to have an openstack module that performs hardening of Openstack-specific resources. Alternatively, we could add support to the os module to perform perm ops on arbitrary files but that seems less clean. I'll leave it to you to decide.